Decrypt your transcrypt-encrypted files on deploy.
Rails now has a secrets.yml, which is actually some ERB that can grab variables out of your ENV. Setting environment variables on Heroku is the recommended way for passing secrets.
However in some situations you need to put secrets into app.json like if you're driving deploys via API. This is a good file to encrypt.
Other good files to encrypt are SSL certificates, and API keys that libraries use that you can't modify to use environment variables.
Assuming you have a repo that you had set up with transcrypt and encrypted some files...
heroku config:set TRANSCRYPT_CMD="$(transcrypt -d | grep "transcrypt -c" | sed 's/^ //')" heroku buildpacks:add --index 1 https://github.com/perplexes/heroku-buildpack-transcrypt
Copy the snippet above into CLI.