Open In App

Android – Avoid API Keys Check-In Into Version Control System Using local.properties File

Improve
Improve
Like Article
Like
Save
Share
Report

One of the best aspects of working as an Android developer is the ability to create and contribute to open-source projects! We have the ability to share our code with millions of developers all over the world. Now, when we make our code available as public repositories, we must ensure that certain things are taken care of, such as the sharing of private API keys, restricted URLs, and so on. How can we do this with the “local.properties” file in our root project? In this article, we’ll find out.

Step by Step Implementation

When we create a new project in Android Studio, a file called “local.properties” is created with the following content:

## This file is automatically generated by Android Studio.
# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
#
# This file should *NOT* be checked into Version Control Systems,
# as it contains information specific to your local configuration.
#
# Location of the SDK. This is only used by Gradle.
# For customization when using a Version Control System, please read the
# header note.
sdk.dir=The Sdk Directory path

So local.properties is a file generated by Android Studio that should not be included in the version control system. So, looking at our gitignore files in general, we have:

*.iml
.gradle
/local.properties
/.idea
/.idea/caches
/.idea/libraries
/.idea/modules.xml
/.idea/workspace.xml
/.idea/navEditor.xml
/.idea/assetWizardSettings.xml
.DS_Store
/build
/captures
.externalNativeBuild
.cxx
/buildSrc/build/*

We can see that the version control system has excluded the file local.properties.

GeekTip: It is critical to update the gitignore files with the appropriate extensions and file folders when starting an open-source project. Because the “local.properties” file is not shared by the version control system, we can use it to declare our local user-specific variables or private variables like API keys or restricted base URLs, and so on.

This project contributes to the development of a ride-sharing Android Taxi similar to Uber and Lyft. You can fork it and learn a lot of cool features. Please read the Readme file for more information on the project. Now, because our use case is a ride-sharing app, we will incorporate Google Maps into it. To use Google Maps, the developer must have an API Key. Let’s look at how we can do this with the “local.properties” file. First, add the following parameter to the local.properties file:

sdk.dir=The sdk directory //already existing parameter
yourApi = ANY_OF_YOUR_API_KEY_HERE

Then to extract the value, we simply:

def someExtraProperty = new Properties()
someExtraProperty.load(new FileInputStream(rootProject.file("local.properties")))

And now to access our API key while using, we can just:

someExtraProperty['yourApiKey'] (or) 
someExtraProperty.getProperty("YourAPIKey")

Some files are generated during the build process, such as gradleResValues.xml and BuildConfig.java. Let’s use these files to save the value of our API key. How can we insert values into files generated during the build process? In our app-level build, we’ll make use of the buildTypes section. gradle source code

android {
    .....
    buildTypes {
        debug {
            resValue("string", "gmaps_key", localProperties['yourApiKey'])
        }
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
}

This is the default generated value in the res folder when the package is compiled

<?xml version="1.0" encoding="utf-8"?>
<resources>

    <!-- Automatically generated file. DO NOT MODIFY -->

    <!-- Values from build type: debug -->
    <string name="gmaps_key" translatable="false">GMAPS_API_KEY_GOES_HERE</string>

</resources>

To use this value within the application, try extracting the values as follows:

resources.getString(R.string.gmaps_key)

Then just declare a final variable to store the string:

Java




public static final String GMAPS_API = your gmaps key;


Conclusion

You can now happily distribute this code as a public repository by including a TODO statement in the readme file stating that the required build config parameters or gradleResValuess.xml parameters should be present. The user will have to simply add the information in the TODO asn voila the work is back! We can avoid hardcoding strings in the app-level code by using the local.properties file to declare local, user-specific parameters or restricted URLs.


Last Updated : 20 Dec, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads