Handling Secrets Securely 🔐
If your Android app uses API keys or other sensitive data, you definitely don’t want to hardcode them in your source files or accidentally push them to GitHub.
Here’s how you can securely inject secrets into your Android app using GitHub Actions — so your keys stay safe and your builds stay automated.
Alright, Let’s Get Straight to the Point ⚡
- Add the following paths to your
.gitignorefile:
app/src/main/res/values/secrets.xml
Create a new file named
secrets.xmlin the path:app/src/main/res/values/Add the following code in 'secrets.xml' :
<resources>
<string name="API_KEY">YOUR_KEY_HERE</string>
</resources>
- Next, add the following code to your activity.kt file:
val secret = getString(R.string.API_KEY)
- Then, add this code under steps in your workflow file — right before the build step:
- name: Access Api keys
env:
apiKey: ${{ secrets.API_KEY }}
path: app/src/main/res/values/secrets.xml
run: |
touch $path
echo \<resources\> >> $path
echo \<string name=\"API_KEY\"\>$apiKey\</string\> >> $path
echo \</resources\> >> $path
- Finally, add a new secret to your GitHub repository with the key
API_KEY.
That’s it — you’re good to go! 🚀
Here’s an example project implementing the entire process:
👉 Spotify Playlist Downloader
Recommended Read 📖
If you’d like to understand the complete process of building, signing, and releasing Android apps on GitHub using GitHub Actions, I highly recommend reading my earlier post first — it covers all the fundamentals before we dive into using secrets:
Building, Signing and Releasing Android Apps with GitHub Actions
Top comments (0)