Disguise your API Keys in Android. Everyone has a secret | by tomerpacific | Jan, 2023


Picture by Oleg Didenko on Unsplash

You might be utilizing a model management system and your mission makes use of some companies that require API keys. Every little thing is all good and effectively when it’s in your native machine, however you clearly don’t need to share these API keys with the world.

How can we nonetheless protect our API keys inside our software, but additionally conceal them once we add our code to our repository?

We wish to have the ability to nonetheless use our API keys in a traditional style inside our purposes, but additionally not expose them.

That’s the place secrets and techniques are available in. Comparable to those who you retain solely to your self, however in a developer type of manner.

Secrets and techniques can signify essential info that’s required by your software to function, however shouldn’t be seen to anybody working exterior the mission. These will be API keys or authorization tokens, however in essence it’s any piece of authorization info that ought to solely be utilized by you and also you alone. Much like the way you don’t need to share your password to a web site with anybody else.

🚨 Disclaimer: Remember that the answer offered on this article works for not exposing your secrets and techniques out of your model management system, however since they’re a part of your software, they will nonetheless be found by decompiling your APK. To learn how to try this, right here is an efficient place to begin.

Maintaining Your Secrets and techniques Protected

  1. In your mission, it’s best to have a native.properties file underneath the foundation listing of your mission
  2. To verify it’s ignored by your model management system, open the .gitignore file and see it’s discovered there:
A part of .gitignore file

3. You’ll need to import to your mission the Secrets and techniques Gradle plugin:

3.1. Go to your mission’s root construct.gradle file and paste within the following line:

 buildscript {
dependencies {
id 'com.google.android.libraries.mapsplatform.secrets-gradle-plugin' model '2.0.1' apply false
}
}

3.2. Go to your app’s construct.gradle file and paste within the following line:

plugins {
...
id 'com.google.android.libraries.mapsplatform.secrets-gradle-plugin'
}

4. Add your API key contained in the native.properties file:

native.properties

5. You should utilize your secret inside your AndroidManifest.xml file by including a meta-data tag inside your software tag:

 <software
android:allowBackup="true"
.....
>
<exercise>
....
</exercise>
<meta-data
android:identify="YOUR_API_KEY_NAME" /// Select any worth right here
android:worth="${API_KEY_NAME}"/> /// Write the identify you gave inside your native.properties file
</software>

6. To entry your API key, you should utilize the PackageManager to get the meta information:

val applicationInfo: ApplicationInfo = software.packageManager
.getApplicationInfo(software.packageName, PackageManager.GET_META_DATA)
val apiKey = applicationInfo.metaData["YOUR_API_KEY_NAME"]

7. Alternatively, you can too use the BuildConfig object to get it:

BuildConfig.YOUR_API_KEY_NAME

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles