The only solution I have in mind is to put all these sensitive variables in a class and simply not add that class to Git.
Yes, that's how to do it. Or better yet, leave credentials out of your code entirely, and put them in a configuration file (which you don't check into Git). The key part of this is "don't check it in to Git", at least, not if you want to share your repository.
Be warned that if you ever did check in those credentials, and you publish the repository, someone can look through history to find them. There are ways to scrub sensitive data from the repository history but it can be tricky to get it right.