Skip to content

Instantly share code, notes, and snippets.

@curioustechizen

curioustechizen/UseApiKey.java

Created April 6, 2015 07:37
Show Gist options
  • Star 46 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
  • Save curioustechizen/9f7d745f9f5f51355bd6 to your computer and use it in GitHub Desktop.
Save curioustechizen/9f7d745f9f5f51355bd6 to your computer and use it in GitHub Desktop.
Download ZIP
Android: Loading API Keys and other secrets from properties file using gradle
Raw
build.gradle
buildTypes {
applicationVariants.all { variant ->
variant.buildConfigField "String", "API_KEY", "\""+getApiKey()+"\""
}
}
def getApiKey(){
def Properties props = new Properties()
props.load(new FileInputStream(new File('secrets.properties')))
return props['API_KEY']
}
Raw
secrets.properties
API_KEY=my_awesome_api_key
Raw
UseApiKey.java
String apiKey = BuildConfig.API_KEY
@bharatramnani94
Copy link

Don't forget to include secrets.properties in .gitignore file.

@hendraanggrian
Copy link

If I decompile the app, would the secret key then be exposed? Putting any secret key in java or resources xml is not an option for me as they can be easily decompiled.

@curioustechizen
Copy link
Author

@hendraanggrian This solution will not protect against decompilation. The string will ultimately land up in your APK.

@yakubpashask
Copy link

Hello @curioustechizen , Could you tell us what is the difference between storing the keys in the java file if we can't protect the keys by above method this in decompilation of apk.

@lnfn
Copy link

lnfn commented Sep 10, 2017

use Firebase remote config

@curioustechizen
Copy link
Author

@yakubpashask The difference is using the above method your key does not end up in a public github repo :)

@ckdevrel
Copy link

ckdevrel commented Feb 7, 2018

How to access API_KEY in XML. I am struck, please help me.

@curioustechizen
Copy link
Author

@TakeoffAndroid you can use resValue instead of buildConfigField - this will generate a string resource. You can then use it in XML. See here for example usage.

@rituapplocum
Copy link

Map API key and fabric API key that we have to pass in Android Manifest at the time of reverse engineering we are unable to hide these api keys even though we declare them in buid gradle.
.

@curioustechizen
Copy link
Author

Map API key and fabric API key that we have to pass in Android Manifest at the time of reverse engineering we are unable to hide these api keys even though we declare them in buid gradle.
.

Correct. See this comment

@rituapplocum
Copy link

Map API key and fabric API key that we have to pass in Android Manifest at the time of reverse engineering we are unable to hide these api keys even though we declare them in buid gradle.
.

Correct. See this comment

What is the solution for that?

@curioustechizen
Copy link
Author

@ritualapplocum Did you read the whole conversation? Your question is answered in the comments above.

@rituapplocum
Copy link

@ritualapplocum Did you read the whole conversation? Your question is answered in the comments above.

yes I have already implemented it in build gradle and using those values in manifest but again when we decompile the code manifest is still displaying those api keys

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment