0

My organisation doesnt allow us to git commit api keys of any kind.

I have recently added Google Firebase Cloud Messaging to my app and replaced the json file and related plugin with my app resource value strings file.

having been blocked by my organisations git leaks checks I investigated a solution and found the https://github.com/google/secrets-gradle-plugin which generates BuildConfig constants and hides the keys from git.

my issue is, how can i replace the resource strings with the generated BuildConfig constants? how do i tell firebase initialisation to use the build config strings and not to look for the resource strings?

Hector
  • 4,016
  • 21
  • 112
  • 211
  • 1
    What specific value for FCM are you trying to hide. Because the values in the `google-services.json` file are configuration data and not secrets (see https://stackoverflow.com/q/37482366). And if you're talking about the FCM server key, that should not just be hidden from the Git repo, but should not be used in your Android binary in any way. – Frank van Puffelen Jul 28 '23 at 14:13
  • I realise these are not secrets, however my organisation dies not understand this, they will not remove the git check when merging pull requests. The two entries that are causing the issue API key in thier make – Hector Jul 29 '23 at 16:44
  • 1
    It sounds like the problem is on storing the `google-services.json` in your source control then? For more on that, see https://stackoverflow.com/questions/37358340/should-i-add-the-google-services-json-from-firebase-to-my-repository – Frank van Puffelen Jul 29 '23 at 20:37

0 Answers0