Best practices for handling passwords/keys in open source projects?

by Eric Mill » Thu, 10 Sep 2009 03:49:42 GMT


Sponsored Links
 In my app, I'm taking advantage of a web-based API (the Sunlight Labs
API) that requires an API Key.  The project is also open source,
hosted on Github. I want to avoid committing my API key into the
codebase.

I'd be fine with creating some other .xml file of special string
values, and git-ignoring that file (while providing a .xml.example
file to copy into its place), but I don't know the best way of doing
that with the Android SDK.

Any suggestions?

-- Eric
--~--~---------~--~----~------------~-------~--~----~



Best practices for handling passwords/keys in open source projects?

by Mark Murphy » Thu, 10 Sep 2009 04:10:31 GMT


 


Total brainstorm, never tried this, your kilometerage may vary, etc. It
also assumes you're using Ant...

Step #1: Put the layout file containing the MapView element that needs
the API key somewhere other than res/layout/ (e.g., make a
layout-template/ directory and put it there).

Step #2: Create an Ant target that reads in a property file and uses
<copy> and <replaceregexp> tasks to "paste" the API key out of the
property file into a copy of the layout you make in the proper spot
(e.g., copy from layout-template/ to res/layout/ and then paste in the key).

Step #3: git-ignore the post-API-key edition of the layout file and your
property file.

Step #4: Possibly have your Ant target turn around and call some other
target (e.g., the debug target).

Side benefit of this: you can have two targets and two property files,
one for debug and one for production.

-- 
Mark Murphy (a Commons Guy)
 http://commonsware.com  |  http://twitter.com/commonsguy 

_The Busy Coders' Guide to *Advanced* Android Development_ In Print!

--~--~---------~--~----~------------~-------~--~----~


Sponsored Links


Other Threads

1. How to put a breakpoint in code used by Phone app?

Hi
I am using Android 1.0 sdk. I am trying to understand how Phone app
integrates with private apis in com.telephony.XXX classes. I like to
attach to Phone app running in emulator and step through code. I
already have eclipse setup so that I can step through public apis (i.e
android.XXX packages).
How to make Eclipse attach to running application like Phone app?
I don't see any "New -> Project" option for launching Phone app.

Is there any other way of doing this?

Thanks
Videoguy

--~--~---------~--~----~------------~-------~--~----~

2. WifiLayer 6s timer and wpa_supplicant 5s timer sometimes confilct

I notice that if user stays on wifi setting screen, wifi layer will do
continous scan every 6 seconds, and in wpa_supplicant, if there is no wifi
link, and if there are some enabled wifi configurations (wifi network in
wpa_supplicant.conf), it will restart scan every 5 seconds.

Let us assuming there are 3 wifi networks in wpa_supplicant.conf (ssid1,
ssid2, and ssid3), then scan time line is
----|-------5s------|--1s--|-------5s------|--1s--|-------5s------|--1s--|-------5s------|--1s--|-------5s------|--1s--|
  scan1      scan2  scan3      scan4  scan5     scan6  scan7      scan8
scan9      scan10  scan11

If 14 channels are all scanned, and scan one time, at least 1s. It will
leads to the situation, scan2 has not completed, but scan3 trigger starts.

So could we disable wpa_supplicant scan if UI stays on wifi setting UI? at
only just user not stay on wifi setting, then start wpa_supplicant continous
scan?

Anyone has some ideas?

Best Regard
Walker

--~--~---------~--~----~------------~-------~--~----~

3. mediarecoder application

4. button animation problem

5. aplay gives audio open error

6. Question on WebView

7. Cursor - Add Columns