To clarify for others who might not see this: Where do you think sensitive data - private keys, passwords, etc. - should be kept? For instance, when setting up infrastructure for a company, how would you desire that data be shared across users?
Once might have the same reservations about something like Heroku - or really any cloud provider - given that at some point, you are pushing code to a server that is owned by another company whose security you cannot audit.
If you use ansible, there is a great feature called ansible-vault that allows you to store all those sensitive bits right in the repo but encrypted and automatically readable by ansible when needed.
Once might have the same reservations about something like Heroku - or really any cloud provider - given that at some point, you are pushing code to a server that is owned by another company whose security you cannot audit.