by duaneb 4773 days ago
Couldn't you just read the file directly? e.g.

    secret_token = File.read('secret_token_dont_check_in')

I fail to see how loading the file into the environment and then into the variable is anything but worse.

The original issue is people checking their secret token files into their VCS repository and publishing that. Getting the secret token from the ENV means it probably won't be checked into the repo.
It's still a file (how do you think it gets into the environment?). Whether it's a Ruby file or a .env file or a YAML file, it's still equally at risk of being checked in.