How to store/use sensitive information in Android development

Yuichi Fujiki
7 min read · May 21, 2019

Safely store sensitive information in the repository so you can share it with your colleagues and with CI/CD

When you make an app that consumes any resource over the network, it will most likely hold sensitive information, like an API key or API secret.

For example, the TMDb API is a handy API with which you can query movie information using a number of different filters. You can create an app that shows a list of movies in a jiffy. Yeah, it’s really handy.

When you make this HTTP request to query movies, you need to specify the API key like this:

https://api.themoviedb.org/3/movies/now_playing?api_key=xxxxyyyyzzzz

This API key is something that belongs to you or your company, and you don’t want to share it with anybody else. If you accidentally push this key to a public repository, somebody can take the API key and use it.

The damage is probably minimal for the TMDb API. Somebody may just abuse it and send 1000 req/second under your name, but that likely results in just an invalidated API key, or a banned account in the worst case. However, if your API key is tied to
