Seriously, it's your fault that GitHub exposed your keys. If you want to add everything to your repo (not that this is a good idea though), at least make it private.

If you want to have per-environment variables, use the environment variables. But my development env would be full of crap! some of you may cry... well, there's a simple solution for that. Use Dotenv.

With Dotenv you only need to add a .env file to your application root directory and you're done. Here's a quick example:

# .env

Then in your code, simply use ENV[] and be happy (and safe, but mostly happy)

# some config file
config.fog_directory  = ENV['S3_BUCKET']

And just like that, you can setup your server's config environments and not worry about supposed-to-be-private public information.

One really cool thing about this is that this variables will only be loaded in that specific application. It won't change your environment. So when you stop the servers, your environment won't have the .env variables.

You can read more about Dotenv here.