There is short approach for ensure secure storing of api keys and signIng apk data.
This file will contains all the private keys. Create it on your project root and write down the API keys on property=value notation.
Remember to use quotation marks when dealing with String values.
Add keystore.properties file to .gitignore file.
Configuring your build.gradle(app) file for getting access to keystore.properties
def keystorePropertiesFile = rootProject.file("keystore.properties")
def keystoreProperties = new Properties()
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
After that, configure the field that will generate static constants accessible via the auto generated BuildConfig class.
android{
(...)
buildTypes.each {
it.buildConfigField 'String', 'OPEN_WEATHER_MAP_API_KEY', keystoreProperties['OpenWeatherMapApiKey']
}
}
A correspondent static constant will be created and you can access it programatically:
String apiKey = BuildConfig.OPEN_WEATHER_MAP_API_KEY;
<meta-data
android:name="com.google.android.maps.v2.API_KEY"
android:value="${GOOGLE_MAP_KEY}"/>
This variable must be created on build.gradle(app) as a manifest placeholder.
buildTypes {
debug {
manifestPlaceholders = [ GOOGLE_MAP_KEY:keystoreProperties['GoogleMapKeyDebug']]
}
release {
manifestPlaceholders = [ GOOGLE_MAP_KEY:keystoreProperties['GoogleMapKeyRelease']]
}
}
Copiright from Cássio Oliveira.