What is the best way to an hide API key before pushing it to github?
Asked
Active
Viewed 697 times
1
-
2Short answer: don't push it to GitHub. Keep it as a local configuration file. – Michael Dodd Jul 05 '19 at 12:51
-
I'm curious right now about something - without api key, app downloaded from github won't work, is it normal practice? What about people from let's say a job interview, who would try the app, are they just gonna look upon the code, or want to test it "live"? – Jul 05 '19 at 12:56
-
It would be up to the person who downloaded the source to use their own API key to make it work. Publicly posting your API key potentially means the whole internet can piggy-back off your account, which is the quick way to get your account suspended/banned. API keys should only be distributed as part of final APK releases, and even then it should be obfuscated where possible using proguard etc. – Michael Dodd Jul 05 '19 at 13:02
-
So I can just make something like @blazer338 suggested, and push it into git, right? Well, I thought, I'm gonna have to hide it somehow. Good to know that. Thank you for help. – Jul 05 '19 at 13:50