Store credential information where it is used. It is not used by the repository, so it is an improper location for it.

If someone gains access to a system that uses the credentials, then there is, in principle, no difference between puppeteering that system versus stealing its credentials.