The recommended way to do it is to have local.js uncommitted and gitignored on your local machine. Then in connection.js use process.env to fetch environment variables which is what will be used in production.
Your CI boxes should be used for running tests, in which case your actual database stuff should be mocked out. In not super sure how tests fit together with sails but someone else likely will. Falling that, just provide environment variables. If each dev develops locally they should have their own local.js, which is also gitignored and uncommitted. Ideally no passwords should be in version control.