Freely hosted sites with github pages are super handy, but not being able to manage environment specific configs is a PITA.
Here is my little hack for keeping my localhost configs separate from the production ones that get pushed up to github. I'm only using this for oauth client_ids (which are visible in the browser anyway - don't check in anything that truly needs to be kept secret!). With oauth client_ids it's pretty common to have one scoped for localhost and another scoped for your production domain, the case we're solving for here is keeping that localhost scoped id a secret.