Repository files navigation

A Gradle plugin for providing your secrets securely to your Android project.

This Gradle plugin reads secrets from a properties filenot checked into version control,such aslocal.properties, and expose those properties as variables in the Gradle-generatedBuildConfigclass and in the Android manifest file.

DISCLAIMER: This plugin is primarily for hiding your keys from version control. Since your key is part of the static binary, your API keys are still recoverable by decompiling an APK. So, securing your key using other measures like adding restrictions (if possible) are recommended.

• Gradle-based Android project
• Android Gradle plugin 7.0.2

NOTE: Starting from v1.1.0, the plugin ID was changed to "com.google.android.libraries.mapsplatform.secrets-gradle-plugin" and the plugin is now being distributed via Google Maven (gMaven). You can still download previous versions of the plugin from Gradle's plugin portal, but new versions will now only be distributed through gMaven.

1. In your project's rootbuild.gradle file:

Groovy:

buildscript {    dependencies {        classpath"com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin:2.0.1"    }}

Kotlin:

buildscript {    dependencies {        classpath("com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin:2.0.1")    }}

2. In your app-levelbuild.gradle file:

Groovy:

plugins {    id'com.google.android.libraries.mapsplatform.secrets-gradle-plugin'}

Kotlin:

plugins {    id("com.google.android.libraries.mapsplatform.secrets-gradle-plugin")}

This plugin also supports library module type (com.android.library). Just install the plugin in your library-levelbuild.gradle file and keys will be visible inside that module as well.

Snapshot releases, which are distributed viaGitHub Packages, are also available for latest fixes. To use a snapshot release, add the following repository to your project-levelbuild.gradle file:

Groovy:

buildscript {    repositories {        maven {            url= uri("https://maven.pkg.github.com/google/secrets-gradle-plugin")            credentials {                username= project.findProperty("GITHUB_USER")?:System.getenv("GITHUB_USER")                password= project.findProperty("GITHUB_TOKEN")?:System.getenv("GITHUB_TOKEN")            }        }    }    dependencies {        classpath"com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin:<version>-SNAPSHOT"    }}

Also, seeAuthenticating to GitHub Packages.

Example contents oflocal.properties under your root project:

apiKey=YOUR_API_KEY

After applying the plugin and building your project, the API key then becomes accessible in two ways.

1. As aBuildConfig value:

val apiKey=BuildConfig.apiKey

2. As a variable accessible in yourAndroidManifest.xml file:

<meta-dataandroid:value="${apiKey}" />

For CI/CD systems, consider creating and checking in version control a default properties file with allthe same keys required by your app but withsafe default values. To do this, create a properties fileand set thedefaultPropertiesFileName value to that file name. For example:

secrets {    defaultPropertiesFileName='local.defaults.properties'}

The plugin can optionally be configured:

secrets {// Change the properties file from the default "local.properties" in your root project// to another properties file in your root project.    propertiesFileName'secrets.properties'// A properties file containing default secret values. This file can be checked in version// control.    defaultPropertiesFileName='secrets.defaults.properties'// Configure which keys should be ignored by the plugin by providing regular expressions.// "sdk.dir" is ignored by default.    ignoreList.add("keyToIgnore")// Ignore the key "keyToIgnore"    ignoreList.add("sdk.*")// Ignore all keys matching the regexp "sdk.*"}

To set build-variant specific properties (build type or flavor), create a properties file at theroot directory of the project with the same name as the variant. For example, to set keys specificfor therelease build type, create a new file calledrelease.properties containingrelease-specific keys.

Contributions to this library are always welcome and highly encouraged!

SeeCONTRIBUTING.md andCODE_OF_CONDUCT.md for moreinformation on how to get started.

Apache 2.0. SeeLICENSE for more information.