"Put the secret into your shared/.rbenv-vars file"... and then say goodbye to them! http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130. I don't think keeping your secrets in a file accessible to the web server is a good idea because of LFI vulns like this.

Some other ideas that I've heard that may be better: store the secrets on a separate "offline" server that only the web server can talk to. Or have the file readable only by root, run a bootstrap script as root that would read the file, drop root privs, and then start the webserver.
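
The root-only file idea from the comment above, sketched as an added example (not code from the thread or from any project it mentions). The function names, the `/etc/myapp/secrets.env` path, the `www-data` account and the hand-off through environment variables are assumptions for illustration.

```ruby
#!/usr/bin/env ruby
# Added example: read a root-only secrets file, drop privileges, then start the server.
require 'etc'

# Return the reasons the secrets file is unsafe; an empty list means it is acceptable.
# owner_uid is 0 (root) in production; it is a parameter so the check can run unprivileged.
def secret_file_problems(path, owner_uid = 0)
  st = File.lstat(path) # lstat: do not follow a symlink placed at this path
  problems = []
  problems << 'not a regular file' unless st.file?
  problems << "owned by uid #{st.uid}, expected #{owner_uid}" unless st.uid == owner_uid
  problems << format('mode %04o grants group/other access', st.mode & 0o7777) if st.mode & 0o077 != 0
  problems
end

# Parse KEY=value lines (the layout .rbenv-vars uses); blank lines and # comments are skipped.
def parse_secrets(text)
  text.each_line.with_object({}) do |line, env|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2)
    # The message deliberately omits the line content, which may be a secret.
    raise ArgumentError, 'malformed line in secrets file' if value.nil? || key !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/
    env[key] = value
  end
end

# Permanently switch to an unprivileged account: supplementary groups, then gid, then uid.
def drop_privileges(user)
  pw = Etc.getpwnam(user)
  Process.initgroups(user, pw.gid)
  Process::GID.change_privilege(pw.gid)
  Process::UID.change_privilege(pw.uid)
  begin
    Process::UID.change_privilege(0) # must fail, otherwise root could be regained
    raise 'privilege drop was not permanent'
  rescue Errno::EPERM
    nil
  end
end

def bootstrap(secrets_path, user, command)
  problems = secret_file_problems(secrets_path)
  abort "refusing to start: #{problems.join('; ')}" unless problems.empty?
  secrets = parse_secrets(File.read(secrets_path))
  drop_privileges(user)
  exec(secrets, *command) # the server inherits the values but cannot read the file
end

# Usage (as root): ruby bootstrap.rb /etc/myapp/secrets.env www-data bundle exec puma
bootstrap(ARGV[0], ARGV[1], ARGV[2..]) if __FILE__ == $PROGRAM_NAME && ARGV.size >= 3
```

The values still live in the server process's environment after `exec` (on Linux, `/proc/<pid>/environ` is readable by that same uid), so this protects the file on disk rather than secrets already loaded into the process.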
I'm going to go ahead and say that most people don't need rvm/rbenv/chruby etc. in production.

Ask yourself if you really need multiple versions of Ruby in production, because if not you can save yourself the headache of setting it up.