0

I have stored fabric_api key in Info.plist file.But I don't want to include my key and secret in the info.plist file when the the app is live.

what is the best way to keep fabric/crashlytics key secure?

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
kalyani_jamunkar
  • 582
  • 1
  • 13
  • 33

1 Answers1

0

I only know several ways:

  1. Just put it in a constant variable, or if you want under your struct that handles all your keys. That's it.
  2. UserDefaults.
  3. Use libraries to obfuscate somehow your keys, such as https://github.com/orta/cocoapods-keys
  4. Keychain.

The last one is discussed by Apple.

Keeping a private key in a keychain is a great way to secure it. The key data is encrypted on disk and accessible only to your app or the apps you authorize.

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave

Also some interesting discussions:

  1. In iOS, how can I store a secret "key" that will allow me to communicate with my server?

  2. swift3 - How to protect secret key

I hope this helps.

Glenn Posadas
  • 12,555
  • 6
  • 54
  • 95