I'd say it would depend on how you're deploying to the production environment.
Basically, you can use your `secrets.yml` file to store all of the keys and values. Within each of the values, reference an environment variable. So, within the file, you may have something like this:
```
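production:
  # Value is read from the environment when the file is loaded (variable name is illustrative)
  database_password: <%= ENV["DATABASE_PASSWORD"] %>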
```
At least, in this way, you're not storing sensitive information in the codebase. From here, you can set your environment variables how you see fit. On a production deployment, it could be Ansible/Chef/Capistrano or something similar that sets the environment variables.
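The pattern described above, as an added example that is not part of the original answer: it renders ERB before parsing the YAML, fails fast when a referenced variable is unset, and flags literal values left in the file. The template contents, key names, variable names and helper names (`load_secrets`, `literal_values`) are assumptions made for illustration.

```ruby
require "erb"
require "yaml"

# Constructed sample of a secrets.yml; keys and variable names are assumptions.
SECRETS_TEMPLATE = <<~YAML
  production:
    database_password: <%= ENV["DATABASE_PASSWORD"] %>
    api_token: <%= ENV["API_TOKEN"] %>
  development:
    database_password: dev-only-password
YAML

class MissingSecret < StandardError; end

# Render ERB first, then parse the YAML and return one environment's section.
# An unset variable renders as an empty value, so it is rejected here instead
# of reaching the application as nil.
def load_secrets(template, environment)
  rendered = ERB.new(template).result
  section = YAML.safe_load(rendered).fetch(environment)
  missing = section.select { |_key, value| value.nil? || value.to_s.strip.empty? }.keys
  raise MissingSecret, "unset in #{environment}: #{missing.join(', ')}" unless missing.empty?
  section
end

# Pre-commit style check: keys whose raw value is a literal rather than an
# ERB reference, i.e. values that would be stored in the codebase.
def literal_values(template, environment)
  # Swap ERB tags for a marker so the file parses without reading ENV.
  marked = template.gsub(/<%=.*?%>/, "__ENV_REF__")
  YAML.safe_load(marked).fetch(environment).reject { |_key, value| value == "__ENV_REF__" }.keys
end
```

Because the variable's value is substituted as raw text before YAML parsing, a secret containing YAML-significant characters (such as `: ` or a leading `*`) can be misparsed unless the ERB tag is wrapped in quotes in the file.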