diff --git a/project/api/views/auth.py b/project/api/views/auth.py
index 7e688f8..4fa8f5f 100755
--- a/project/api/views/auth.py
+++ b/project/api/views/auth.py
@@ -124,7 +124,7 @@ def info_token(request):
     except jwt.ExpiredSignatureError:
         return HttpResponse('token ya no es valido', status = 400)
     except jwt.InvalidTokenError:
-        return HttpResponse('token es invalido', status = 400)
+        return HttpResponse('token es invalido A', status = 400)
 
 
 
@@ -152,7 +152,7 @@ def nueva_contrasena(request):
     except jwt.ExpiredSignatureError:
         return HttpResponse('token ya no es valido', status = 400)
     except jwt.InvalidTokenError:
-        return HttpResponse('token es invalido', status = 400)
+        return HttpResponse('token es invalido B', status = 400)
     except Exception as e:
         logging.error(e)
         return HttpResponse('error al cambiar contraseña', status = 500)
diff --git a/project/project/settings.py b/project/project/settings.py
index cb604e0..6d5813c 100644
--- a/project/project/settings.py
+++ b/project/project/settings.py
@@ -24,7 +24,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-ozq@8*t6cy&$lmu@qsvz+l6omsfncj6r1w)s**rtl3vd&j8_#b'
+SECRET_KEY = config('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True