Best practices for handling passwords/keys in open source projects?

by Eric Mill » Thu, 10 Sep 2009 03:49:42 GMT

Sponsored Links
 In my app, I'm taking advantage of a web-based API (the Sunlight Labs
API) that requires an API Key.  The project is also open source,
hosted on Github. I want to avoid committing my API key into the

I'd be fine with creating some other .xml file of special string
values, and git-ignoring that file (while providing a .xml.example
file to copy into its place), but I don't know the best way of doing
that with the Android SDK.

Any suggestions?

-- Eric

Best practices for handling passwords/keys in open source projects?

by Mark Murphy » Thu, 10 Sep 2009 04:10:31 GMT


Total brainstorm, never tried this, your kilometerage may vary, etc. It
also assumes you're using Ant...

Step #1: Put the layout file containing the MapView element that needs
the API key somewhere other than res/layout/ (e.g., make a
layout-template/ directory and put it there).

Step #2: Create an Ant target that reads in a property file and uses
<copy> and <replaceregexp> tasks to "paste" the API key out of the
property file into a copy of the layout you make in the proper spot
(e.g., copy from layout-template/ to res/layout/ and then paste in the key).

Step #3: git-ignore the post-API-key edition of the layout file and your
property file.

Step #4: Possibly have your Ant target turn around and call some other
target (e.g., the debug target).

Side benefit of this: you can have two targets and two property files,
one for debug and one for production.

Mark Murphy (a Commons Guy)  | 

_The Busy Coders' Guide to *Advanced* Android Development_ In Print!


Sponsored Links

Other Threads

1. New comment spammer tactic

I've managed to thwart the comment spammer who has recently been
hitting the Android market with hundreds of spam comments like this

by karen (February 16, 2011)
Hey if anyone is looking for free stuff check out Droid<omitted> They
give away free gifts daily to all android users!!

Unfortunately, spammers are notorious for changing tactics and keeping
their game going.

Now, this spammer has found a willing participant in {*filter*}ia College,
a company owned by The Education Corporation of America

The ceo of this company Tom Moore, appears to support any method they
can use to lure potential students into their schools regardless of
how unsavory they are. When I called Education Corporation of America
(they have no e-mail contact), they refused to accept the evidence and
told me I was probably a spammer and hung up on me.

It looks as if I will not be able to turn off the revenue stream as
{*filter*}ia College and Education Corporation of America welcome spammers
and aren't concerned with how they gather information on potential
students. If I were in the market for an education, I would certainly
be wary of such an organization. Corruption stars at the top and like
a rotten apple, goes to the core.

More about Education Corporation of America
300 Riverhills Business Park
Suite 300
Birmingham, AL 35242

Affiliated schools:
{*filter*}ia College
Golf Academy of America
Ecotech Institute

-John Coryat


2. My adb/ddma can not find ViewPad7 device


I installed Android SDK r9 & it's driver in my Windows.
And also turn on the USB debug mode.

But my adb/ddms can not find my ViewPad7 device.
I tried to connect another Android phone is ok.

How do I fix it??



3. Updating Description and Screenshots in Marketplace

4. How to disable Audio Feature in Android /How to build one mininum Android

5. How to disable Audio Feature in Android / How to build one mininum Android

6. OpenGL ES 2.0 for Live Wallpapers

7. How to rotate?