Keeping access credentials, such as keys, secrets, and tokens safe and secure is important and also falls under Config in the Twelve-Factor App methodology. It is not secure to commit these values to your Git repository as plain text values in your code. An obvious security breach would be that your repository is or becomes public. Even if you have a private repository, by design, repositories can be cloned to any number of devices that you may not control.