Meteor Up's mup.js contains database password

Im using Meteor Up to deploy my app to Digital Ocean and Im using mLab as a database. This is working but I’ve currently got my database password stored in the MONGO_URL:

env: {
	// TODO: Change to your app's url
	// If you are using ssl, it needs to start with https://
	ROOT_URL: '',
	// MONGO_URL: 'mongodb://localhost/meteor',

I obviously don’t want my password saved to my source control but I would like to save the rest of this file. Is there a way of accessing a password string without having it in the file?

I tried adding it to Meteor settings and calling it like so:
MONGO_URL: Meteor.settings.private.DB,

But I get an error:
ReferenceError: Meteor is not defined

I tried importing Meteor into mup.js but then I get this error:

(function (exports, require, module, __filename, __dirname) { import { Meteor } from 'meteor/meteor';
SyntaxError: Unexpected token import

You could add your mup.js to your .gitignore file and add a new mup-example.js that you checkin into git. That example file would then only contain none sensitive data.

He can also encrypt the file automatically when sent to the remote.

But this way it would still be in my source control? I think I’m going to have to live with this. Maybe it was wishful thinking that they could be stored separately as my Amazon S3 credentials are.

Why not just keep it outside the app directory? That’s what I do with all my deployment tool config files (for mup, pm2-meteor, or whatever).

With mup, if you have a directory called myapp that git does source control for, create another folder (at the same level as myapp) called myapp-deploy with a mup.json file in it. In the mup.json file, write:

"app": "../myapp"

Then you can deploy from the myapp-deploy folder, but not commit your deployment config along with the rest of the app.

In a perfect world the config (apart from password) would be in my source control but this is a pretty good solution, thanks!