Handling Secrets Securely ๐
If your Android app uses API keys or other sensitive data, you definitely donโt want to hardcode them in your source files or accidentally push them to GitHub.
Hereโs how you can securely inject secrets into your Android app using GitHub Actions โ so your keys stay safe and your builds stay automated.
Alright, Letโs Get Straight to the Point โก
- Add the following paths to your
.gitignorefile:
app/src/main/res/values/secrets.xml
Create a new file named
secrets.xmlin the path:app/src/main/res/values/Add the following code in 'secrets.xml' :
<resources>
<string name="API_KEY">YOUR_KEY_HERE</string>
</resources>
- Next, add the following code to your activity.kt file:
val secret = getString(R.string.API_KEY)
- Then, add this code under steps in your workflow file โ right before the build step:
- name: Access Api keys
env:
apiKey: ${{ secrets.API_KEY }}
path: app/src/main/res/values/secrets.xml
run: |
touch $path
echo \<resources\> >> $path
echo \<string name=\"API_KEY\"\>$apiKey\</string\> >> $path
echo \</resources\> >> $path
- Finally, add a new secret to your GitHub repository with the key
API_KEY.
Thatโs it โ youโre good to go! ๐
Hereโs an example project implementing the entire process:
๐ Spotify Playlist Downloader
Recommended Read ๐
If youโd like to understand the complete process of building, signing, and releasing Android apps on GitHub using GitHub Actions, I highly recommend reading my earlier post first โ it covers all the fundamentals before we dive into using secrets:
Building, Signing and Releasing Android Apps with GitHub Actions
Top comments (0)