The post with show how you can hide api keys and stop your private key being pushed to Git.
Check out the tutorial and find out about the trick.
Github Hiding Api keys Tutorial
Here are the steps:
1. In your project find the gitignore file – this lists the files which will not be used when using Git.
For example:
*.iml
.gradle
/local.properties
/.idea/workspace.xml
/.idea/libraries
.DS_Store
/build
/captures
2. Add the file project:gradle.properties to the gitignore list as per below:
/gradle.properties
3. Now open the project:gradle.properties file and add a new reference for
API_KEY = “Your API String”
# My Secret Key - this is an example, please enter your own key!
API_KEY="TooManySecrets"
4. Open the application app:build.gradle and within the defaultConfig add a
reference to your API_KEY
android {
compileSdkVersion 23
buildToolsVersion "23.0.2"
defaultConfig {
applicationId "com.texturelabs.rosera.pop_movies"
minSdkVersion 14
targetSdkVersion 23
versionCode 1
versionName "1.0"
// Please ensure you have a valid API KEY for themoviedb.org↵
to use this app
// A valid key will need to be entered
buildConfigField("String", "API_KEY", API_KEY)
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'),↵
'proguard-rules.pro'
}
}
}
5. Now in your source code, you can easily reference the API_KEY without it being uploaded to Git, for example:
private static final String API_KEY = BuildConfig.API_KEY;
aa
😗 I have already added my private key to Git
If you have done this already, you can repair it by using git to remove it for example:
- With a local key that has not been pushed to your remote repository, you just need to remove (rm) the file from the cache.
git rm --cached <filename>
- Where you have a key that has been pushed remotely, you will need to re-add the information. So firstly remove (rm) the file from the cache. Then tell git to push this change to the remote repo (that is remove the file cleanly from the remote repository). You will still have the non-version control file on your local machine – also note that the repository logs will contain a reference to any changes made.
git rm --cached <filename>
git push
For extra security please note that git provides a tool to remove sensitive data in the instance you have committed information to the remote repository.