Storing secure keys on Ubuntu web server
Solution 1:
You can set user and group IDs in gunicorn configuration that will be used by the worker processes. Set the environmental variables in file owned by root and without read permissions (rw-------). This will save your compromised www-data proccess from reading data directly from configuration file, but compromised www-data proccess can still read variables directly from memory.
ps. +1 for DUNG :)