Preprocessing YAML + source control

I would like to put the Home Assistant configuration files (.homeassistant/configuration.yaml + included yaml files) under source control. The main reason is that I have a similar configuration that is shared between two instances of Home Assistant (home and summer house).

I have a private repository, but I would like to separate any credentials (passwords, access tokens, etc) in separate file anyway (not checked in).

It seems like there is support in YAML for referencing nodes within the YAML tree (anchor/alias), so it could be possible to include a separate file credentials.yaml (not under source control) from the main configuration and somehow reference nodes within it from the other nodes.

What is the best/preferred way of handling this? Is there any better way?

Also, one related issue: What is the preferred way of preprocessing YAML? Since I have two instances that are very similar in setup, I would like to use the same configuration files, but the possibility of replacing certain items (such as lat/lon + some differences in local configuration).

What is the best/preferred way of handling this?

!include is the way to go for breaking it up in multiple files:

homeassistant: !include core.yaml

The way to do it right now is with an external script that replaces your secret strings. That is what I do for my repo.

Also, this is related to this issue: github.com/balloob/home-assistant/issues/996

Yes, I also noticed that anchor/aliases didn’t work across included files.
Maybe Jinja2 could be used as a preprocessing step replacing variables before parsing the config files.