Android - excluding an api key from github, where to store the api key in code?

Question

I was wondering what the best way of storing an api key is in android studio. I would want to exclude this file from github using gitignore.

I have seen some people use the gradle.properties in the HOME directory but the api is specific to my application.

I also notice there is a gradle.properties in a new android studio project but this can contain other things that I may not want to exclude.

Anyone know the best way to do this ?

So the file would be available locally and my project would read it at runtime but I would "maybe" gitignore this file so I wouldn't commit it so I would not expose my api key.

Answer 1

I have seen some people use the gradle.properties in the HOME directory but the api is specific to my application.

I see no problem with API being specific to your app. We have similar situations sometimes, so we just use some unique name for gradle.properties entries. Something like

(MY_APP_NAME)_(MY_API_NAME)_API_KEY

Also we're storing passwords to our internal Maven repositories in the same way, so they're not pushed to GitHub as part of build.gradle file. I can say we're pretty happy with that approach.

Some alternatives which I can think about:

• Explicitly pass parameters to gradle while executing task. So, you can store those parameters in Android Studio configuration.
• You can apply another .gradle file to your buildscript (which will contain your variables) using apply from: 'path-to-my-local-script.gradle'. Just don't forget to add it to .gitignore.

Answer 2

You can store api keys with help of gradle and the system path variable Add new system PATH variable THE_MOVIE_DB_API_TOKEN="XXXXX":

For Windows OS:

• Open System
• Advanced system settings
• Environment variables
• Add new variables to the user variables

Add the following code to the build.gradle file

apply plugin: 'com.android.application'

  android {
   ...

    defaultConfig {
        ...
    }
    buildTypes {
        release {
            ...
        }
        buildTypes.each {
            it.buildConfigField 'String', 'THE_MOVIE_DB_API_TOKEN', "$System.env.THE_MOVIE_DB_API_TOKEN"
        }
    }
}

Use the API keys in Java code like this

BuildConfig.THE_MOVIE_DB_API_TOKEN)