There is no good reason for authentication secrets to be in your source tree though.

I’m not suggesting this is perfect in any case, but it would at least place an upper bound on whatever amount of IP leakage you think might happen.

But do you ever edit your authentication secrets in your text editor? I edit my .env file in vim all the time.