I assume you can have a small wrapper script that gets values from KMS, loads them into the environment and then runs Redash's processes.
If you feel this is still not safe enough, you can change
settings.py to support KMS. If you think this is needed, we should probably abstract the way
settings.py loads settings to allow easily switching between ENV variables and KMS.