git-crypt (github) keeps your secrets safe in a git repository. It decrypts on checkout and encrypts at commit using standard git hooks. Once configured, it is completely transparent.

I had a situation where the secrets were already in the repo and I needed to encrypt them (if you're in this situation, you should also change your secrets because git log -p).

To encrypt files (foo.conf, bar.conf) already in the repo:

$ git-crypt keygen /path/to/key
$ git-crypt init /path/to/key
$ cat > .gitattributes
*.conf filter=git-crypt diff=git-crypt

You may have to commit add/commit .gitattributes first. Then:

$ git add *.conf
$ git commit *.conf -m "encrypt conf files"