Version control database config without exposing passwords

I have a Rails app that I'm sharing via GitHub, but that I'm also
using on my website. It has some configuration options that I don't
wish to share, but that I'd like version controlled. I'd also like to
make it difficult or impossible for me to accidentally push these
config changes up to GitHub.

What is the best practice or convention here?

The only option I could come up with (other than just not versioning
these files), is to keep them on a private branch that I never push to
GitHub.

Any other good ways to go about this?

Dave

The couple projects that I've seen do this put a standard database.yml
at database.yml.example (or similar) and keep their custom version
elsewhere. You could .gitignore it and then symlink it in with
Capistrano post-deploy, for instance.

--Matt Jones