Requirements
– Keeping secrets in the environment is convenient, but not every sub-process can be trusted.
– Fail fast when configuration is missing

Solution

def ENV.delete!(key)
  delete(key) || raise(KeyError, "key not found: #{key.inspect}")
end

secret = ENV.delete!('SECRECT')