I have an android app, which I want to deploy for commercial use. I am using aws secret credentials, currently I have hardcoded it in the code.
Is there any safe way of deploying the Android app ,by passing credentials as external parameters. Just like what we do in server app, passing credentials as Environment variables.I don't want to have secret keys open in my code base.
I wanted to know if there is any way to do something similar in android app.
I would use the same principle of Environment variables
but through Gradle.
The idea is that you should have a gradle.properties file in your User folder where Gradle can pickup properties from. This file, of course, will not be added to source control.
you can do something like this
~/.gradle/gradle.properties
projectAwsCred1=cred1
projectAwsCred2=cred2
build.gradle (app)
...
buildConfigField "String", "AWS_CRED_1", "\"projectAwsCred1\""
buildConfigField "String", "AWS_CRED_2", "\"projectAwsCred2\""
and then (after building) you can call it in your code like normal Build.AWS_CRED_1
This way your credentials will be baked in your app but only on build time. You will of course have to document this in a README so others (or future you) will know were o place the projectAwsCred*
info.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With