Add in your repo:

在你的仓库中添加：

• a template of it (secret_token.rb.template),
• a script able to generate a proper config file secret_token.rbbased on local data found on the server (like an encrypted file with the secret value ready to be decoded and put in the secret_token.rbfile)

• 它的模板 ( secret_token.rb.template),
• 一个能够secret_token.rb根据在服务器上找到的本地数据生成正确配置文件的脚本（例如一个加密文件，其秘密值准备好被解码并放入secret_token.rb文件中）

From there, add a git attribute custom driver:

从那里，添加一个git 属性自定义驱动程序：

The script referenced above will be your 'smudge' script which will, on checkout of the working tree, generate automatically the right file.

上面引用的脚本将是您的“ smudge”脚本，它将在检出工作树时自动生成正确的文件。

Put the secret key in some sort of external config file. Thats what we do.

将密钥放在某种外部配置文件中。这就是我们所做的。

There are several external tools, which do exactly that. Basically, these tools encrypt the file with your private data and store it in the VCS, but ignore the original unencrypted file.

有几个外部工具可以做到这一点。基本上，这些工具使用您的私人数据加密文件并将其存储在 VCS 中，但忽略原始未加密的文件。

One of the most known and trusted is blackbox. It uses gpgto encrypt your files and works with both gitand hg. By the way, it is created by SO team. Have a look at the alternativessection, it has at least five other tools.

最著名和最受信任的一种是blackbox. 它用于gpg加密您的文件并与git和 一起使用hg。顺便说一下，它是由 SO 团队创建的。看看替代部分，它至少有五个其他工具。

I can also recommend you a tool called git-secret, it also uses gpg. But it works only with git. The main advantage is that the workflow is much easier compared to other tools.

我还可以向您推荐一个名为 的工具git-secret，它也使用gpg. 但它仅适用于git. 主要优点是与其他工具相比，工作流程要容易得多。

You could risk trusting Github's security/privacy if it is a private repository .. or:
- Pull the data from a configuration file on the server. For example, if you use Capistrano for deployment, you can add a step that copies the configuration file from somewhere on the server.
- Use an environment variable.

如果 Github 是私有存储库，您可能会冒着信任它的安全性/隐私的风险……或者：
- 从服务器上的配置文件中提取数据。例如，如果您使用 Capistrano 进行部署，您可以添加一个从服务器上某处复制配置文件的步骤。
- 使用环境变量。