In the readme file, under the "Add dashboard access on all environments (including production)" section, there is this example for setting up basic authentication for a dashboard route:

pipeline :admins_only do
  plug :basic_auth, username: "admin", password: "a very special secret"
end

But I think this is a bad example because you shouldn't hardcode passwords into the application code. The last thing we want as a community is to encourage practices that are not secure. :) You'll probably want to use environment variables or something similar, right?

Could the readme file be enhanced with instructions that are more realistic for production?