Credentials which cannot be shared should be placed in this directory. This
typically means source control username/passwords, but can also include other
secret information such as private keys for certifying.

See documentation of particular plugin for the format in which it expects its
credentials.