At the security talk at this years RailsConf it was suggested to put secrets and other similar items, API keys etc.. Into a separate git repo with very limited access. During deploy your scripts can pull from this repo and set all the necessary ENV variables for your app dynamically. I have tried this personally but I like the approach
-- You received this message because you are subscribed to the Google Groups "Capistrano" group. To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/959043eb-ef0c-43d0-9b1c-3987b74c96c6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
