[stupid "message" here]

I Reckon This Must be the Place, I Reckon

A Place that is small, efficient and fast or something.

The 13th Factor

Hey! I know! Let's put all our login credentials in a single known publicly located file!
  –– dotenv

Heard of the "Twelve Factors"? (The Twelve Factor App: 12factor.net.) Well, they miss one:

The XIII Factor (the Thirteenth Factor, or Factor Thirteen or 13factor):

XIII. Login Processes and Credentials.

Keep Login code and Login Credentials in a non-public, secure location.

Login code should be located in a subdirectory (or file) not within the main Application location and never with a published name that every deployment will use.

Never allow a deployment to use a "Default Admin Password" or "Default Admin Page"; each installation should choose something unique.

Never allow a deployment to store any kind of Login Credentials in a "Default Location"; each installation should choose something unique.

later more...

(while you wait, here's how to Create Strong & Easy to Remember Passwords)