API keys and secrets used in iOS app - where to store them?

Question

I'm developing for iOS and I need to make requests to certain APIs using an API key and a secret. However, I wouldn't like for it to be exposed in my source code and have the secret compromised when I push to my repository.

What is the best practice for this case? Write it in a separate file which I'll include in .gitignore?

Thanks

Recommended answer

Write it in a separate file which I'll include in .gitignore?

No, don't write it ever.
That means:

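  • You don't write that secret in your repo (no need to gitignore it, or to worry about adding/committing/pushing it by mistake)
  • You don't write it anywhere on your local drive (no need to worry about your computer being stolen with those "secrets" on it)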

Store in your repo a script able to seek that secret from an external source (from outside of git repo) and load it in memory.
This is similar to a git credential-helper process, and that script would launch a process listening to localhost:port in order to serve that "secret" to you whenever you need it in the current session only.
Once the session is done, there is no trace left.
And that is the best practice to manage secret data.

You can trigger that script automatically on git checkout, if you declare it in a .gitattributes file as a content filter:
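
The localhost helper this answer describes, sketched as an added example in Python (not the answerer's code): it fetches the secret once, keeps it only in process memory, and serves it on 127.0.0.1 until the session ends. `fetch_secret`, `SecretHelper`, `request_secret` and the per-session token check are assumptions introduced here; the token is there because any local process can reach a loopback port.

```python
import hmac
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def fetch_secret():
    # Assumption: stand-in for the external source; constructed value, not a real key.
    return "constructed-sample-secret"


class SecretHelper:
    """Keeps the secret in memory and serves it on loopback for one session."""
    def __init__(self, fetch=fetch_secret):
        self._secret = fetch()                  # held in memory, never written to disk
        self.token = secrets.token_urlsafe(32)  # assumption: per-session bearer token
        helper = self
        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                sent = self.headers.get("Authorization", "").encode()
                ok = hmac.compare_digest(sent, b"Bearer " + helper.token.encode())
                body = helper._secret.encode() if ok else b""
                self.send_response(200 if ok else 403)
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)

            def log_message(self, *args):       # keep requests out of stderr logs
                pass
        # Loopback only, OS-chosen free port (port 0); never bind 0.0.0.0.
        self._server = HTTPServer(("127.0.0.1", 0), Handler)
        self.port = self._server.server_address[1]
        threading.Thread(target=self._server.serve_forever, daemon=True).start()

    def close(self):
        """End the session: stop listening and drop the in-memory copy."""
        self._server.shutdown()
        self._server.server_close()
        self._secret = None


def request_secret(port, token):
    """Client side, e.g. a build step asking the helper during the session."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Authorization": "Bearer " + token})
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    return body if resp.status == 200 else None
```

The caller reads `port` and `token` from the helper object at session start and passes them to the build step; after `close()` the port no longer answers.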
