Using Plist to store secret values in iOS App, and ignore it in Version Control (Git)
Previously, we have some secret values hardcoded in our App, and it’s separated in many files (not have exact place to store both of them). Also, it’s tracked on our Version Control (Git in this case). We know that it’s not secure, right?
So, we decide to find other workarounds to solve this. First, we found that we can use Environment Variables in XCode, because we can set it in our project using a script, and then the script will put the secret values based on values in environment variables that we already set in our OS (In our laptop, or in CI).
But, it turns out that it will not works as we expect, because we just realized that environment variables, is only available in our Laptop and CI, not available in our user, in their device, right? https://stackoverflow.com/questions/14214741/xcode-environment-variables-not-present-during-archive
So, we tried to found another ways, to keep it secrets. Then, we found a trick! We store our values in Plist
, we ignore it in our Git, and then ditributed it manually into our team.
Then, what about in our CI? We use a hacky ways, we create a script, that will generate the Plist
, based on values in Environment Variables in CI, and then run that script only in our CI, so our CI will also have that Plist
!
In our CI, we generate first the Plists
, using shell script ruby generate_keys.rb
, and then run script for building our XCode Projects.
So, both environment (in our Laptop and in our CI) will have that Plist
file, and then the building can works successfully! :)