Android Question API Key in file on its own instead of manifest?

A

aegidius20

Member
I have an app that shows maps, and it has its own Google API key in the manifest. The sources are up on github, but github complains of secret leakage after committing.

Is there any way to have the secret key in a file on its own, so it can be left out of the commits? I know I can always alter the .b4a file before every commit to leave out the key, but I'm certain to forget at least once, and the key will get revealed in the commit history.
 
Sort by date Sort by votes

Erel

B4X founder
Staff member
Licensed User
Longtime User
1. The key should be restricted to a specific package with a specific signature. Assuming that only you have access to the signing key, it will make the API key practically safe.

2. I think that the above point is suffice, however you can move the relevant snippet to a text file, put it inside a zip file, change the zip file to jar, copy to additional libs folder, and then add it with:
B4X: 
CreateResourceFromFile(Macro, YourJarName.FileName)

See Themes.jar in the internal libraries folder for an example.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

I
  • Article
B4A Library UltimateWebView Custom View
4 5 6
Replies
116
Views
56K
Cesaral
C
  • Article
B4A Library [B4X] PreoptimizedCLV - Lazy loading extension for xCustomListView
2 3
Replies
53
Views
40K
Erel
  • Locked
  • Article
B4A Library GooglePlayBilling - In App Purchases
2
Replies
39
Views
29K
Erel
  • Question
Classes are soon coming...
2 3
Replies
46
Views
47K
Mashiane
  • Article
Android Tutorial PreferenceActivity tutorial
7 8 9
Replies
175
Views
115K
Air
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…