Where to save CONSUMER_SECRET and CONSUMER_KEY for oAuth app

I am working on a python program that runs as an svn post-commit hook. It posts your commit message to Twitter.

It works great, but I just realized something. My CONSUMER_SECRET and CONSUMER_KEY are right there in the source code. That's probably a bad thing.

I'm new to python, and I was actually just converting someon开发者_运维技巧e else's program to oAuth from basic HTTP auth. I am using tweepy to post to twitter.

So, how can I securely save my consumer oAuth keys so that people cannot view them?

EDIT: Is it possible to save my keys somewhere where my app can read them, but users can't? I want everyone using this hook to be using my app, so on their tweets it says "via MyApp".

Keep such things in a settings file that you do not commit to your versioning system or code repository in any way. Rather provide a template for the file with documentation on how to populate it with the needed settings (such as their application credentials).