From Phoenix Deployment docs:
If for some reason you do not want to rely on environment variables, you can hard code the secrets in your
config/prod.secret.exs
, but make sure to check the file into your version control system.
I believe that to check
should read to not check
, because is against all best practices for security and secrets management to check secrets into version control, unless they are encrypted.