Android Question API Key in file on its own instead of manifest?

[aegidius20]

I have an app that shows maps, and it has its own Google API key in the manifest. The sources are up on github, but github complains of secret leakage after committing.

Is there any way to have the secret key in a file on its own, so it can be left out of the commits? I know I can always alter the .b4a file before every commit to leave out the key, but I'm certain to forget at least once, and the key will get revealed in the commit history.

 

[Erel]

1. The key should be restricted to a specific package with a specific signature. Assuming that only you have access to the signing key, it will make the API key practically safe.

2. I think that the above point is suffice, however you can move the relevant snippet to a text file, put it inside a zip file, change the zip file to jar, copy to additional libs folder, and then add it with:

CreateResourceFromFile(Macro, YourJarName.FileName)

See Themes.jar in the internal libraries folder for an example.