During startup, the database passphrase is read into the Django settings module. The model configuration then picks it up from there in order to retrieve OAuth credentials from the database. The main security element here is the limitation on direct access to the database itself - without the database, the passphrase is useless. However, it's still desirable to make it difficult to access the passphrase, and leaving it in the Django settings module makes it readily accessible in various diagnostic tools, including Django's own traceback error pages (when they're enabled, which is not normally the case in production). The model code should remove this field from the settings module after storing it locally. (Note: this will likely break automatic reloading in the Django development server, if it tries to automatically reload the model definition file.)
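The removal proposed in the report above, as an added example that is not PulpDist's own code: the model configuration takes the passphrase out of the settings object once, keeps it in a closure, and a second import (the development-server reload case) fails with an explicit error. The setting name `DB_PASSPHRASE`, the helper names and the `SimpleNamespace` standing in for `django.conf.settings` are all assumptions.

```python
# Added illustration; every name here is hypothetical, not PulpDist's own.
from types import SimpleNamespace

SETTING_NAME = "DB_PASSPHRASE"  # hypothetical setting name


class PassphraseUnavailable(RuntimeError):
    """Raised when the passphrase was already consumed (e.g. module reload)."""


def take_passphrase(settings, name=SETTING_NAME):
    """Return the passphrase and delete it from the settings object."""
    try:
        value = getattr(settings, name)
    except AttributeError:
        raise PassphraseUnavailable(
            f"{name} is no longer in settings; restart the process "
            "instead of reloading the model module"
        ) from None
    delattr(settings, name)
    return value


def make_field_config(settings):
    """Stand-in for the model configuration: keep the passphrase in a closure."""
    passphrase = take_passphrase(settings)

    def unlock(check):
        # Only code holding this closure can use the passphrase.
        return check(passphrase)

    return unlock


def diagnostic_dump(settings):
    """Mimics a diagnostic page that lists every upper-case setting."""
    return {k: v for k, v in vars(settings).items() if k.isupper()}


def demo():
    # Constructed sample settings; stands in for django.conf.settings.
    settings = SimpleNamespace(DEBUG=True, DB_PASSPHRASE="constructed-sample")
    unlock = make_field_config(settings)
    dump = diagnostic_dump(settings)
    try:
        make_field_config(settings)  # simulates the dev server reloading models
        reload_ok = True
    except PassphraseUnavailable:
        reload_ok = False
    return dump, unlock(lambda p: p == "constructed-sample"), reload_ok


if __name__ == "__main__":
    print(demo())
```
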
Marking all remaining PulpDist issues as CLOSED-EOL. It doesn't make sense to leave these issues open, as PulpDist hasn't been in active development for quite some time, and restarting development would involve a significant modernisation effort that would likely render many of these requests irrelevant.