Best practices for handling passwords/keys in open source projects?

by Eric Mill » Thu, 10 Sep 2009 03:49:42 GMT

Sponsored Links
 In my app, I'm taking advantage of a web-based API (the Sunlight Labs
API) that requires an API Key.  The project is also open source,
hosted on Github. I want to avoid committing my API key into the

I'd be fine with creating some other .xml file of special string
values, and git-ignoring that file (while providing a .xml.example
file to copy into its place), but I don't know the best way of doing
that with the Android SDK.

Any suggestions?

-- Eric

Best practices for handling passwords/keys in open source projects?

by Mark Murphy » Thu, 10 Sep 2009 04:10:31 GMT


Total brainstorm, never tried this, your kilometerage may vary, etc. It
also assumes you're using Ant...

Step #1: Put the layout file containing the MapView element that needs
the API key somewhere other than res/layout/ (e.g., make a
layout-template/ directory and put it there).

Step #2: Create an Ant target that reads in a property file and uses
<copy> and <replaceregexp> tasks to "paste" the API key out of the
property file into a copy of the layout you make in the proper spot
(e.g., copy from layout-template/ to res/layout/ and then paste in the key).

Step #3: git-ignore the post-API-key edition of the layout file and your
property file.

Step #4: Possibly have your Ant target turn around and call some other
target (e.g., the debug target).

Side benefit of this: you can have two targets and two property files,
one for debug and one for production.

Mark Murphy (a Commons Guy)  | 

_The Busy Coders' Guide to *Advanced* Android Development_ In Print!


Sponsored Links

Other Threads

1. Monkey usage with Scripts/Network Control not working


I am trying to do 2 things with monkey

1. Execute a script with a command like

adb shell monkey -p MY_PACKAGE --setup scriptfile -f /sdcard/
mon_script1.txt 1

where mon_script.txt contains a few touch commands. After I execute
this, I see nothing happening on the screen. It even does not give me
the "Number of events injected message".
I have verified that my touch co-ordinates fall over actual UI

This is the script file I am using

tap 79 29
tap 100 100
tap 200 200
tap 300 300

2. Execute Monkey Network control to type commands individually.
I start up monkey to listen to a port and use PuTTY to send commands.
I get "OK" return messages, but nothing happens on the screen.

Whenever I use monkey in the random mode, I see interaction on the
But I need to get one of the above 2 methods to work.
I have seen the sources of monkey and nothing seems to be wrong.
Has anyone used monkey in the above described way? If so, please tell
me what I am doing wrong.



2. wrong line numbers in crash console tracebacks

Does anyone else have a problem of wrong line numbers in the crash
report traceback. They seem to be off about 2-3 lines. Sometimes it's
difficult to figure out what exactly caused an exception.


3. Android UI development Tools

4. is there a limit for the numebr of markers to show on a MapView?


6. Scrollable Menu Bar like Fox news app

7. problem with Search suggestions