Have just discovered git-remote-gcrypt or "gcrypt" as I'll call it here. So far it's working well for me at solving this problem: you have something you want under source code control, you want to push it to a remote frequently for safety* but it contains secrets that shouldn't ever leave the host it's on.
If you have a PGP key pair, gcrypt resolves these conflicting objectives by encrypting the repository before pushing. The remote host only sees crypt text, no use to an attacker unless maybe it's the NSA. If your working copy is lost you can get it back provided you still have your ssh and pgp keys.
* There is a wise saying which from memory goes "if you've only saved it to one hard disk you haven't saved it." One of git's major benefits is saving to another hard disk is only a 'git push' away.
Thanks to the tilde contributors for providing tilde.club.