using pre-commit with a hook to prevent secrets from being committed provides a bit more help preventing this mistake. Nor full-proof because you could always commit say a base64 encoded .env file.
That relies on the user configuring git hooks correctly, which is a similar problem as noticing that transparent decryption is configured correctly.