How to hide API keys in GitHub for iOS (SWIFT) projects?
You can use a .plist
file where you store all your important keys. It is very important to put this file into your .gitignore
file.
In your case, you need to set your keys.plist
file like this:
And use it inside your AppDelegate as follows:
var keys: NSDictionary? if let path = NSBundle.mainBundle().pathForResource("Keys", ofType: "plist") { keys = NSDictionary(contentsOfFile: path) } if let dict = keys { let applicationId = dict["parseApplicationId"] as? String let clientKey = dict["parseClientKey"] as? String // Initialize Parse. Parse.setApplicationId(applicationId!, clientKey: clientKey!) }
SWIFT 3 Update:
if let path = Bundle.main.path(forResource: "Keys", ofType: "plist") { keys = NSDictionary(contentsOfFile: path) }
Put them in a configuration file that you add to the .gitignore
file. Check in a sample configuration file that every developer can use to create their own configuration.
If you want to share your project without keys then:
- Add Keys( as you prefer - enum, struct, or even object/singleton)
struct Keys { static let sandboxToken = "Tpk_hh43nneu3jwsu3u" static let productionToken = "pk_b5h4uend8ejwnw8"}
- In your code add follow code:
extension APIManager { enum Environment { case sandbox, production var apiKey: String { switch self { case .sandbox: return Keys.iexSandboxToken // <- Here case .production: return Keys.iexProductionToken // <- Here } } }}
or if you want to deal with optionals then you can add something similar to:
struct Keys { static let sandboxToken: String? = "Tpk_hh43nneu3jwsu3u" static let productionToken: String?}
and on use add assert
var apiKey: String { switch self { case .sandbox: guard let token = Keys.iexSandboxToken else { assertionFailure("Please fill the tokent in Keys.swift") return "anything you want" } return token case .production: guard let token = Keys.iexProductionToken else { assertionFailure("Please fill the tokent in Keys.swift") return "anything you want" } return token } }
So, in production, it will fail.
- Add it on .gitignore. So, your keys are hidden.