How to keep keys and data which should be on live out of your repository

I think config_split is probably the best way (for low-security things like e-mail addresses that should just be kept out of public repos)


Of course an encrypted vault that puts the keys into settings on deploy is also possible, but even encrypted it’s preferable not to put private information out in the open.

See also: for use with