There's a new command, `bin/rails secrets:setup`. I haven't worked with any recent versions of rails, but it's kind of surprising that they are just now addressing this. I know I've seen Rails secrets being checked into Github.
Even with this, I think it's personally a bad idea. But sometimes security is improved more by reducing the impact of making poor decisions (e.g, storing secrets in your repo more safely) than it is by chastising users to make better decisions (not storing them in your repo at all).