I am not yet accustomed to the way Git works (and wonder if someone besides Linus is ;)).
If you use Heroku to host your application, you need to have your code checked in a Git repo. If you work on an open-source project, you are more likely going to share this repo on GitHub or other Git hosts.
Some things should not be checked in the public repo: database passwords, API keys, certificates, etc.
But these things still need to be part of the Git repo since you use it to push your code to Heroku.
How to work with this use case?
Note: I know that Heroku or PHPFog can use server variables to circumvent this problem. My question is more about how to "hide" parts of the code.
Best Answer
The preferred method of keeping passwords/API keys secret on Heroku is to set config values via the Heroku command-line application. The following example is taken from a Heroku Dev Center article.
(The example below, and my entire answer, relate to Rails apps.)
Then reference these config values in your code using the ENV[] variable.
This way your sensitive passwords are not stored in the Git repository. (Note: When running the app locally, set these values in your .bashrc file.)
Also, I'm not sure what type of application you are running, but in Rails, Heroku does not use your database.yml file; it simply sets your database username/password according to your app settings. So you can avoid saving those credentials in Git.
Also, also, if you are running your own application and want it to remain private, a great alternative to GitHub is Bitbucket, which offers free private repositories.
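
An added example, not part of the original answer: one way to read config values through ENV in Ruby so that a missing value fails at boot and the values themselves do not end up in logs or error output. The `AppSecrets` module, the `Secret` wrapper and the `S3_KEY`/`S3_SECRET` names are hypothetical.

```ruby
# Added example. AppSecrets, Secret and the key names are hypothetical;
# only the ENV[] lookup itself comes from the answer above.
module AppSecrets
  REQUIRED = %w[S3_KEY S3_SECRET].freeze # constructed names

  class MissingSecret < StandardError; end

  # Wraps a value so it cannot leak through #inspect or string interpolation.
  class Secret
    def initialize(value)
      @value = value
    end

    # The only way to get the raw value; call it where the value is used.
    def reveal
      @value
    end

    def to_s
      "[REDACTED]"
    end
    alias inspect to_s
  end

  # env defaults to the process environment; a plain Hash works for tests.
  def self.from_env(env = ENV, required: REQUIRED)
    missing = required.select { |name| env[name].to_s.strip.empty? }
    unless missing.empty?
      # Report variable names only, never their values.
      raise MissingSecret, "missing config vars: #{missing.join(', ')}"
    end
    required.to_h { |name| [name, Secret.new(env[name])] }.freeze
  end
end
```

Calling `AppSecrets.from_env` once at startup (for example from an initializer) turns a forgotten config value into an immediate, named error instead of a nil credential at request time.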