Gradle file to read secrets either from local.properties or passed in by the CI build system through the ‘secrets’ argument. Be aware that you might need to re-configure this file depending on how you want to handle your secrets.
It is not recommend that put the credentials directly into the build.gradle file. Since it cannot be ignored in the version-control system, which means that all developers who work on the same project are able to check with them. Moreover, username and password as part of the build.gradle file, will be included in git, which is quite unsafe.
To make it more secure, just in case if someone who should not get access to the production credentials, we can store the api key in a secrets.gradlefile.