For the development environment, the approach I like the most is to create a script like populate_development_database. Which will be called every time we start the development environment.
That script, let's call it pre_start.py for example, will check there is an entry of a Facebook Provider in database and create if it's not there. Something like:
if not SocialApp.objects.filter(provider=Facebook):
facebook_provider = SocialApp(
provider=Facebook,
secret_key= '34567890',
...
)
facebook_provider.save()
And the place too call pre_start.py will be here: https://github.com/Semillas/semillas_backend/blob/master/compose/django/gunicorn.sh#L2
This will set the development key public. I think there is no problem at all. But maybe we should research a little bit.