I assume you can have a small wrapper script that gets values from KMS, loads them into the environment and then runs Redash's processes.
If you feel this is still not safe enough, you can change settings.py
to support KMS. If you think this is needed, we should probably abstract the way settings.py
loads settings to allow easily switching between ENV variables and KMS.