I want to keep my smtp login information private. And its a hassle to edit application-prod.yml every time I have to deploy to production.

What is the correct method to avoid storing sensitive details in application-prod.yml on github ?

Many different ways depending on where and how you deploy to:

• Don't store application-prod.yml in git and don't package it in your jar
• Don't store secrets in application-prod.yml, use environment variables or command line options. See Spring Boot doc.
• Encrypt secrets using git-crypt in application-prod.yml
• Store secrets in external Spring Cloud Config Server (e.g. JHipster Registry) or HashiCorp Vault

and many other ways...