Keystore credentials in a repo file?

According to the whitelabel instructions , the keystore credentials for the APK signing keys should be put in the file. However, this file is checked in in the github repo.
I don’t think this is a good idea. Has anybody thought about that?
There is a way to put the credentials in a separate file which is not checked into github:

But I don’t want to mess up with the code too much… any ideas?