0

I wonder how to hide an API key and replace it with let's say empty string

before pushing to Github or any source control.

for example, I've API keys like

object Constants {
    const val API_KEY= "GOOGLE_API_KEY"
}

how to remove the actual one and add random or empty string when pushing.

Ismail Mohamed
  • 71
  • 6
  • see https://gist.github.com/loftywaif002/f2ebe2024ad73d6a579285dcba250465 – Manohar Nov 10 '21 at 06:42
  • Does this answer your question? [How can I save my secret keys and password securely in my version control system?](https://stackoverflow.com/questions/11575398/how-can-i-save-my-secret-keys-and-password-securely-in-my-version-control-system). Generally, keys should never be hard coded or committed to repository. You should retrieve them dynamically like from environment variables, use a secure vault service, or similar approach. – sytech Nov 10 '21 at 07:59
  • On the assumption you may have already added the keys, it is important to remove them from any older commits. I'd recommend the BFG repo cleaner to do this. – johnfo Nov 10 '21 at 08:06

1 Answers1

1

Secret manager

Take a look at secret manager.

Git hooks

A way to achieve this could be using git hooks. On pre-commit, use (for example) sed to find and replace your API_KEY. You can even restore it in post-commit.

Debug resources

Another way is to add the API_KEY to a resource file in the debug variant folder. Add that file to your .gitignore so you can use the API_KEY in your code, but will never be commited.

Rolaman
  • 36
  • 4