Extract secrets from config files or use npm package that encrypts them

For rare situations where secrets do need to be stored inside source control, using a package such as cryptr allows these to be stored in an encrypted form as opposed to in plain text.

Accessing an API key stored in an environment variable:

const cryptr = new Cryptr(process.env.SECRET);
let accessToken = cryptr.decrypt('e74d7c0de21e72aaffc8f2eef2bdb7c1');