make sure user doesn't accidentally put their credentials in git

.gitignore

@@ -1,6 +1,7 @@
 .pio
 main/configuration.h
 main/credentials.h
+credentials-private.h
 
 # ignore vscode IDE settings files
 .vscode/*
@@ -8,4 +9,4 @@ main/credentials.h
 !.vscode/tasks.json
 !.vscode/launch.json
 !.vscode/extensions.json
-*.code-workspace
+*.code-workspace

main/credentials.h

@@ -24,6 +24,9 @@ Credentials file
 
 #ifdef USE_OTAA
 
+#if 0
+    // copy these variables to ../credentials-private.h and customize with your secret appkey.
+    
     // This EUI must be in little-endian format, so least-significant-byte
     // first. When copying an EUI from ttnctl output, this means to reverse
     // the bytes. For TTN issued EUIs the last bytes should be 0x00, 0x00,
@@ -39,5 +42,6 @@ Credentials file
     // practice, a key taken from ttnctl can be copied as-is.
     // The key shown here is the semtech default key.
     static const u1_t PROGMEM APPKEY[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+#endif 
 
 #endif

main/ttn.ino

@@ -31,6 +31,9 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #include "configuration.h"
 #include "credentials.h"
 
+// This file should not be in any publig git repos, it contains your secret APPKEY
+#include "../credentials-private.h"
+
 // -----------------------------------------------------------------------------
 // Globals
 // -----------------------------------------------------------------------------