2

I want to hide private information like API key when uploading my project. So I am wondering if there's a way to set environment variable somewhere as I do in command prompt.

For example, I want to hide my API key in google_maps_api.xml

<string name="google_maps_key" templateMergeStrategy="preserve" translatable="false">API_KEY_HERE</string>

How can I do it in Android Studio?

2 Answers2

4

as per the best practices it is recommended to keep all the credentials in gradle.properties like this:

KEYSTORE_PASSWORD=password123
KEY_PASSWORD=password789
GOOGLE_MAP_KEY=API_KEY_HERE

This file is automatically imported by Gradle, so you can use it like:

signingConfigs {
    release {
        try {
            storeFile file("myapp.keystore")
            storePassword KEYSTORE_PASSWORD
            keyAlias "thekey"
            keyPassword KEY_PASSWORD
        }
        catch (ex) {
            throw new InvalidUserDataException("You should define KEYSTORE_PASSWORD and KEY_PASSWORD in gradle.properties.")
        }
    }
}

To use gradle.properties inside a class you can refer this:

android {
    ...
    defaultConfig {
        ...
        // defining the google map key
        buildConfigField "String", "GOOGLE_MAP_KEY", MAP_KEY
    }
}

This will be generated in <package_name>.BuildConfig.java and would contain these fields:

public class BuildConfig {
    // ... other generated fields ...
    public static final String GOOGLE_MAP_KEY = "API_KEY";
}

You can now directly use GOOGLE_MAP_KEY by calling BuildConfig.GOOGLE_MAP_KEY in any class.

In order to keep all your credentials safe do not commit gradle.properties in your version control repositories like Github etc.

Aseem Sharma
  • 1,443
  • 11
  • 18
  • So in my case, I should just write down my API key in `gradle.properties` and replace my key with a variable in `google_maps_api.xml`? –  Oct 04 '18 at 09:21
  • 1
    If you want to use the key in XML then first you need to do the setup like I have shown above of GOOGLE_MAP_KEY in `build.gradle` and after Sync when it will be generated in BuildConfig, then you can access it as other resources like @string/GOOGLE_MAP_KEY – Aseem Sharma Oct 04 '18 at 09:27
  • For more details read this article as well [link](https://medium.com/code-better/hiding-api-keys-from-your-android-repository-b23f5598b906) – Aseem Sharma Oct 04 '18 at 09:32
  • I ended up just adding `google_maps_api.xml` to `gitignore` because the key that Android Studio gave me is referred to like `@string/google_maps_api_key` in `ANdroidMaifest.xml`. But thanks for this tip. It is helpful. –  Oct 04 '18 at 13:29
  • Glad, it helped :) – Aseem Sharma Oct 04 '18 at 13:33
-2

First, you should make .env file outside of your src folder.

Then, add

REACT_APP_WEATHER_API_KEY=123456

Replace 123456 with your API_KEY

Before commit, you should exclude this .env file so find .gitignore file and add .env.

you can use these env variables like this..

 const API_KEY = process.env.REACT_APP_WEATHER_API_KEY;

Now you're free to go.

Don't forget to add .env in .gitignore file.

for more info see this

amit
  • 681
  • 5
  • 17