From needing to hide API keys to app authorization keys and secrets, dotenv is the gem you want to use in order to protect your project's credential...
Securing Configuration Files on AWS
So if you aren't supposed to commit your dotenv, application.yml, or secrets.yml, then how do you get those configuration files onto your server? Well, it depends.
Heroku, OpsWorks and Elastic Beanstalk have a place where you can enter environment variables (env vars) into a GUI, which get passed to your instances, but sometimes we aren't so lucky to have a GUI, such as when you are provisioning an instance manually, e.g. Linode, DigitalOcean or EC2 instances.
So what you can do instead is store your configuration file on S3, Systems Manager Parameter Store or AWS Secrets Manager. Then when you deploy, you have a script triggered that will use the AWS SDK to pull from one of the three services I suggested.
Another good reason to store your configuration file in one of the 3 AWS services I mentioned is that you can apply encryption using KMS and can even restrict access to specific users, so only those who are on a need-to-know basis can actually see the configuration file.
In my video on AWS Security I show in more detail how to do this specific to configuration files.
Figaro vs DotEnv
I wanted to suggest an alternative to dotenv, as Figaro I think is more widely adopted in the Rails community. Though dotenv is quite universal, either one will get the job done. Here's the difference, which I pulled from Figaro's GitHub page:
Configuration File
Configuration File Format
Security vs. Convenience
Framework Focus
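An added example, not part of the original comment or of either gem: one way to write the deploy-time step described above, pulling KMS-encrypted values from Parameter Store and writing an owner-only `.env` file. The `/myapp/production` path, the parameter names and the `FakeSSM` stand-in are assumptions constructed for illustration; `ssm` is expected to behave like `Aws::SSM::Client` from the `aws-sdk-ssm` gem.

```ruby
# `ssm` is any object that answers get_parameters_by_path the way
# Aws::SSM::Client does. The path layout used here is an assumption.
def fetch_env(ssm, path)
  env = {}
  token = nil
  loop do
    # with_decryption asks SSM to decrypt SecureString values through KMS
    resp = ssm.get_parameters_by_path(path: path, recursive: true,
                                      with_decryption: true, next_token: token)
    resp.parameters.each do |param|
      key = param.name.split("/").last.upcase
      raise ArgumentError, "bad key: #{param.name}" unless key.match?(/\A[A-Z_][A-Z0-9_]*\z/)
      env[key] = param.value
    end
    token = resp.next_token # results are paged; keep going until no token is left
    break if token.nil? || token.empty?
  end
  env
end

# Single-quoted dotenv values are read literally (no $VAR substitution),
# so refuse the characters such a value cannot hold instead of guessing.
def render_dotenv(env)
  env.sort.map do |key, value|
    raise ArgumentError, "#{key}: quote or newline in value" if value.match?(/['\r\n]/)
    "#{key}='#{value}'\n"
  end.join
end

# Owner-only file. The creation mode is ignored when the file already
# exists, so the permissions are tightened before any secret is written.
def write_secret_file(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600)
    f.write(content)
  end
end

# Constructed stand-in for the SDK client so the example runs offline.
Param = Struct.new(:name, :value)
Page  = Struct.new(:parameters, :next_token)
class FakeSSM
  PAGES = { nil => Page.new([Param.new("/myapp/production/database_url", "postgres://db/app")], "t1"),
            "t1" => Page.new([Param.new("/myapp/production/secret_key_base", "c0nstructed$value")], nil) }
  def get_parameters_by_path(path:, recursive:, with_decryption:, next_token: nil)
    PAGES.fetch(next_token)
  end
end
```

On a real instance, `require "aws-sdk-ssm"` and pass `Aws::SSM::Client.new` in place of `FakeSSM.new`; the instance role then needs `ssm:GetParametersByPath` on that path and `kms:Decrypt` on the key.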