Have you tried adding the environment variables to Vercel ? (see part 4 of my article)
This is where production should access secret keys, not from the env file.
It's probably best to also add the public key to Vercel.
Note you should never commit secrets or passwords to a git repository, this will expose sensitive data to whoever has access to your repository. That's why gitignore is very useful.
here is more info about what gitignore does