After reading Code Climate's "Rails' Insecure Defaults", I realized I was guilty of breaking rule 3: Versioned Secret Tokens. Here's how I fixed it.
Use dotenv in development and test environments:
# Gemfile
gem 'dotenv-rails', groups: [:development, :test]
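
dotenv loads a local `.env` file into `ENV`, so the secret can live outside the repository. The following is an added example, not code from the original post: a check that flags an initializer with the secret committed as a literal, and a loader that refuses to boot without a usable value. The names `SECRET_TOKEN`, `MyApp`, `hardcoded_secret_lines` and `fetch_secret`, and the 30-character minimum, are assumptions.

```ruby
# Added example: audit an initializer for a versioned secret and read the
# token from the environment instead. All names here are hypothetical.

# Matches `secret_token = '...'` or `secret_key_base = "..."` with a literal.
HARDCODED_SECRET = /\bsecret_(?:token|key_base)\s*=\s*(['"])[^'"]+\1/

# Assumed minimum length for a session secret.
MIN_SECRET_LENGTH = 30

# Returns the 1-based line numbers that assign a string literal as the secret.
def hardcoded_secret_lines(source)
  source.each_line.with_index(1)
        .reject { |line, _| line.match?(/\A\s*#/) } # skip comment lines
        .select { |line, _| line.match?(HARDCODED_SECRET) }
        .map { |_, number| number }
end

# Reads the secret from an ENV-like object and fails closed when it is
# missing or too short, so a default value is never used by accident.
def fetch_secret(env, key = 'SECRET_TOKEN')
  value = env.fetch(key) { raise KeyError, "#{key} is not set; refusing to boot" }
  if value.length < MIN_SECRET_LENGTH
    raise ArgumentError, "#{key} is shorter than #{MIN_SECRET_LENGTH} characters"
  end
  value
end

# Constructed sample: an initializer with the secret committed to the repo.
VERSIONED = <<~RUBY
  # config/initializers/secret_token.rb
  MyApp::Application.config.secret_token = 'constructed-placeholder-not-a-real-secret'
RUBY

# Constructed sample: the same initializer reading from the environment.
FROM_ENV = <<~RUBY
  MyApp::Application.config.secret_token = ENV.fetch('SECRET_TOKEN')
RUBY

if __FILE__ == $PROGRAM_NAME
  puts "versioned secret on lines: #{hardcoded_secret_lines(VERSIONED).inspect}"
  puts "env-based initializer:     #{hardcoded_secret_lines(FROM_ENV).inspect}"
end
```

A check like `hardcoded_secret_lines` fits in CI or a pre-commit hook; it only catches the literal-assignment pattern, so a token that was ever committed should still be rotated.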