Ruby on Rails, Paperclip, Heroku, GitHub and AWS - securing keys

I'm using RoR hosted by Heroku and I'd like to store files on S3 using Paperclip. My source code is hosted on GitHub and is world-readable. What is the best practice to keep the keys a secret from the rest of the world?
Paperclip suggests that the access keys are stored in a configuration file (or in code), so for example I have:

file: config/s3.yml

access_key_id: my_access_key_id
secret_access_key: my_very_secret_key
bucket: bucket_name

Heroku works by committing code to local git and then pushing it to Heroku. Since I'm also using GitHub, I push the same code to GitHub as well. That means that I push the secret keys there too.
I'm currently using a world-readable GitHub account, so if I paid GitHub I could make half the problem go away, but still I'm not happy with secret keys lying in a configuration file in code. I don't know if there's a better practice for this though.

What is the best practice for keeping the keys secret and still using the above-mentioned list of libraries and services?

BTW, I've only started with RoR and Heroku last week so I may be considered a newbie, please be considerate ;) Thanks!

12
asked by Ran on 10 February 2011 at 11:36
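An added example, not part of the original question and not Paperclip's or Heroku's own code: one way to keep the keys out of the repository is to read them from environment variables (Heroku config vars show up in `ENV`) and to check `config/s3.yml` for literal secrets before committing. The variable names `S3_ACCESS_KEY_ID`, `S3_SECRET_ACCESS_KEY` and `S3_BUCKET` and all function names are assumptions, and the check goes beyond the flat file shown above by also handling a file nested per environment.

```ruby
require "yaml"

# Assumed variable names (not from the post); on Heroku these would be config vars.
S3_ENV = { access_key_id: "S3_ACCESS_KEY_ID",
           secret_access_key: "S3_SECRET_ACCESS_KEY",
           bucket: "S3_BUCKET" }.freeze
SECRET_KEYS = %w[access_key_id secret_access_key].freeze

# Build the credentials hash from the environment instead of config/s3.yml.
# Fails fast, naming what is missing, rather than starting with blank keys.
# The result is a hash of the kind Paperclip's :s3_credentials option accepts.
def s3_credentials_from_env(env = ENV)
  missing = S3_ENV.values.select { |name| env[name].to_s.strip.empty? }
  raise KeyError, "missing environment variables: #{missing.join(', ')}" unless missing.empty?
  S3_ENV.transform_values { |name| env[name] }
end

# Walk a parsed s3.yml (flat, or nested per environment) and return the
# dotted paths of secret keys that carry a literal value.
def literal_secrets(node, path = [])
  return [] unless node.is_a?(Hash)
  node.flat_map do |key, value|
    here = path + [key.to_s]
    if value.is_a?(Hash)
      literal_secrets(value, here)
    elsif SECRET_KEYS.include?(key.to_s) && !value.to_s.strip.empty?
      [here.join(".")]
    else
      []
    end
  end
end

# Pre-commit style check over the text of a config file.
def scan_s3_yaml(text)
  literal_secrets(YAML.safe_load(text))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the file from the question, placeholders included.
  committed = "access_key_id: my_access_key_id\nsecret_access_key: my_very_secret_key\nbucket: bucket_name\n"
  puts "literal secrets in committed file: #{scan_s3_yaml(committed).inspect}"
  # Constructed environment standing in for ENV.
  fake_env = { "S3_ACCESS_KEY_ID" => "constructed-id",
               "S3_SECRET_ACCESS_KEY" => "constructed-secret", "S3_BUCKET" => "bucket_name" }
  puts "credentials loaded for bucket: #{s3_credentials_from_env(fake_env)[:bucket]}"
end
```

A committed template that leaves the two secret keys empty passes the check, so the file layout can stay in the public repository while the values live only in the environment.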