Remove secrets from repo

[jameshochadel]

Secrets are currently posted publicly in the repository, including database credentials and our AirBrake API key. These need to be removed, and a deployment process needs to be established in the production environment to fill them in appropriately.

[jameshochadel]

AFAIK our Postgres does not accept connections from the internet at large, so it's not currently a vulnerability, but of course the DB credentials should be removed regardless. I've changed all DB passwords on the server and will figure out a solution to automatically filling them in ASAP.

[jameshochadel]

The canonical solution to this is to use environment variables on the production server. We are now doing this with the Airbrake API key.

Alternatively, Rails 5.1 has a new features called Encrypted Secrets that lets you store the secrets, encrypted, right in version control; they are edited using bin/rails secrets:edit and decrypted in appropriate environments using a separately generated key. An upgrade to this version of Rails is planned — see #101.