Sorry for the rather silly question, but do people commit their Capistrano files (Capfile, deploy.rb, multisite > config/deploy/*) to their private SCM repos?
Is there a best practice or standard that people follow? What do you follow?
Thank you.
A best practice is “yes”, commit your deploy.rb, but don’t commit any files containing passwords, api_keys, or other private data — instead make those files templates, e.g. in database.yml commit the file with database name, port, username, but something like to create a template file.
Obviously, if your project is in a public repo like GitHub, then has it right. But if your SCM is private, as you say, you should treat it like any other secured resource. Passwords and keys are more than “any other secured resource” — they should be highly secured.
For a fully self-configuring system, create Capistrano (or perhaps rake) tasks that read a carefully controlled local file (maybe YAML) having various passwords or keys, and once committed files are deployed, write the passwords into the templates.
If passwords or the formats of configuration files don’t change a lot, you can use the cap:setup task, then manually add passwords, leave them in the app/shared/config directory and have Capistrano create a symlink within the source tree at deployment.
When it comes to deployment, this is something only a highly-privileged user should be performing (especially to production). This practice allows you to make passwords and other sensitive data visible only to users who have been granted access to a given server.
Ryan Bates did some good RailsCasts on strategies like this; check out some of these episodes. Note, many RailsCasts are no longer free, but for $9/month, this is well worth it!
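The template-and-fill approach described in this answer, as an added example that is not part of the original post: plain Ruby that a Capistrano or rake task could call to read a local secrets file, render the committed `database.yml` template and write the result with owner-only permissions. The file name `deploy_secrets.yml`, the `db_password` key and the sample database values are assumptions constructed for the example.

```ruby
require "erb"
require "json"
require "yaml"
require "tmpdir"

# Constructed sample of the committed template: names and port, no secret.
DATABASE_YML_TEMPLATE = <<~TEMPLATE
  production:
    adapter: mysql2
    database: myapp_production
    port: 3306
    username: myapp
    password: <%= secret.fetch("db_password").to_json %>
TEMPLATE

# Load the local secrets file, refusing one that group/other can access.
def load_secrets(path)
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise format("%s has mode %o, expected 600", path, mode)
  end
  YAML.safe_load(File.read(path)) || {}
end

# Fill the template. fetch raises KeyError on a missing secret, so a
# half-filled config is never written; to_json quotes YAML-special characters.
def render_config(template, secrets)
  ERB.new(template).result_with_hash(secret: secrets)
end

# Write the rendered file readable by its owner only.
def write_private(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(content) }
  File.chmod(0o600, path) # a pre-existing file keeps its old mode otherwise
end

# Round trip in a temp dir standing in for shared/config on the server.
def demo
  Dir.mktmpdir do |dir|
    secrets_path = File.join(dir, "deploy_secrets.yml") # hypothetical file name
    File.write(secrets_path, { "db_password" => "p@ss: #word" }.to_yaml)
    File.chmod(0o600, secrets_path)
    out = File.join(dir, "database.yml")
    write_private(out, render_config(DATABASE_YML_TEMPLATE, load_secrets(secrets_path)))
    [YAML.safe_load(File.read(out)), File.stat(out).mode & 0o777]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```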