How should a team of developers integrate managing access tokens, API keys, sensitive data into their Git/CI workflow? Let's assume a project bigger than a simple tutorial app, and the need to actually keep the data safe.
Is there a de facto-slash-industry standard of how to implement it? Any success stories, battle-proven attempts, or big-company shots at it? What are your best practices?