--- /dev/null
+Storing Secrets
+===============
+
+Secrets are things that we have to specify to our app,
+but do not want to check into source control.
+These are stored as files in `karmaworld/karmaworld/secrets`
+
+
+client_secrets.json
+-------------------
+
+`client_secrets.json` is the api drive authentication with google api services for authenticating the server-side of `gdrive.py` requests. It is generated by google and used in `gdrive.py`.
+
+
+db_settings.py
+--------------
+
+`db_settings.py` stores data about the production database.
+
++ PROD_DB_NAME = "" # is the database name in postgres
++ PROD_DB_USERNAME = "" # is the postgres login username
++ PROD_DB_PASSWORD = "" # is the postgres login user password