Storing your production credentials in your repository is a bad idea. A very bad idea. Even if it's encrypted.

Putting aside the obvious security issues with this, the scope for accidentally using production credentials in a development environment scares me to death. I never want my local development copy of an application to know anything about production. I rest easy knowing if I was to run rake db:reset in development, there's no chance of anything bad happening to our production environment.

There's nothing wrong with encrypting your config files but storing them in your repository... šŸ‘ŽšŸ¼. I'm sad that Rails encourages this behaviour.