Logo

dev-resources.site

for different kinds of informations.

Simple way to store secrets in Android Project.

Published at
8/13/2024
Categories
android
security
gradle
kotlin
Author
kiolk
Main Article
https://dev.to/kiolk/simple-way-to-store-secrets-in-android-project-345k
Categories
4 categories in total
android
open
security
open
gradle
open
kotlin
open
Author
5 person written this
kiolk
open
Simple way to store secrets in Android Project.

Very often, we should store secrets that we need to build android application. One of the most common cases are storing key alias, key password and store password, that are need to build production release. It is not problem when you develop application in solo in your own private repository. If your team grows to two developers, or you want to move the project to open source, you should store this secrets outside of version control. 

The best candidate for this is Gradle local.properties file, that doesn't track by git by default. In this file, you can store key-value pairs by very simple syntax.  In our example, it looks like this:

#sign configuration
key_alias=SomeAlias
key_password=SomeKeyPassword
store_password=SomeStorePassword
Enter fullscreen mode Exit fullscreen mode

After, you can use it for signing configuration in build.gradle.kts file, you need only read these values and store in variables:

val localProperties = Properties()
val localPropertiesFile = rootProject.file("local.properties")
localProperties.load(FileInputStream(localPropertiesFile))

val aliasKey: String = localProperties.getProperty("key_alias")
val passwordKey: String = localProperties.getProperty("key_password")
val passwordStore: String = localProperties.getProperty("store_password")
Enter fullscreen mode Exit fullscreen mode

Late, you can simply use it in places where they need:

signingConfigs {
        create("release") {
            keyAlias = aliasKey
            keyPassword = passwordKey
            storePassword = passwordStore
            storeFile = rootProject.file("keystore/release.keystore")
        }
    }
Enter fullscreen mode Exit fullscreen mode

If you need to use these secrets in code, you can simply store it in variables of BuildConfig . But this way is not very secure, because they will be visible after revers engineering of your application.

buildConfigField("String", "PRIVATE_ACCESS_TOKEN", "\"${privateAccessToken}\""
Enter fullscreen mode Exit fullscreen mode

It is all. After this simple manipulation, you can feel itself safety. Also, I like to add information about required local variables in README with pointing where you can find it for saving time of developer who will join to projec.

gradle Article's
30 articles in total
Favicon
Understanding (a bit of) the Gradle Kotlin DSL
Favicon
Zero Config Spring Batch: Just Write Business Logic
Favicon
JeKa: The Simplest Way to Create Uber and Shade Jars
Favicon
JeKa: The Simplest Way to Publish on Maven Central
Favicon
Gradle extensions part 2: Now with shenanigans
Favicon
Wednesday Links - Edition 2024-11-27
Favicon
A brand new Java scaffolding has been born today for Make Java Great Again!
Favicon
Wednesday Links - Edition 2024-10-16
Favicon
Gradle 8.11: Faster Configuration Cache and Improved Configuration Time
Favicon
react-native duplicate class problem
Favicon
Breaking the build 😝 : Demystifying Gradle
Favicon
Wednesday Links - Edition 2024-09-11
Favicon
One click dependencies fix
Favicon
ACAB: Fire the (code style) cop in your head
Favicon
Telltale: Automating Experimentation in Gradle Builds
Favicon
Minecraft Modpack Development Update: Beta Test and Musical Additions
Favicon
Gradle upgrade
Favicon
Announcing Dependency Analysis Gradle Plugin 2.0.0!
Favicon
Wednesday Links - Edition 2024-07-24
Favicon
Resource observability case study: jemalloc in Android builds
Favicon
How store signing keystore.
Favicon
Simple way to store secrets in Android Project.
Favicon
Developing a Custom Gradle Plugin for Formatting and Static Analysis
Favicon
Gradle Commands Cheat Sheet
Favicon
Wednesday Links - Edition 2024-04-24
Favicon
Gradle DSL: Configurando JaCoco
Favicon
Unearthing the Quirk: Dealing with File Access Issues that arise from Resource Optimization in Android Applications
Favicon
🍒 Cherry-Picked Nx v18.2 Updates
Favicon
Making Your Android Project Modular With Convention Plugins
Favicon
Kradle 9.0: Revolutionizing the JVM Ecosystem with Kotlin at its Core!

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech