• State Not Answered
  • Replies 8 replies
  • Subscribers 16 subscribers
  • Views 1419 views
  • Users 0 members are here
Options
Related

Best practice for storing configuration strings in separate file

Former Member
Former Member over 5 years ago

Hi,

I want to share the source code for my Connect IQ App publicly on GitHub.

My App is using a 3rd party service that requires an individual API key for each developer. I do not want to accidentally leak my own API key to the public repo.

Currently my API key is hardcoded in the *.mc code of my main file.

Is there a good way in Monkey C to put things like API keys into a separate file and then include/use it somehow in my other *.mc files when needed?

This way I could add the configuration file to .gitignore to be sure my API key doesn't get accidentally published on the public repository.

Or any other tips for a good way to solve the above problem?

Thanks for your help and suggestions!

Top Replies

All Replies

  • 0 over 5 years ago

    How about setting your api key with app settings and not having it in the code at all?

  • 0 over 5 years ago in reply to jim_m_58

    There's really only two things file system wise an app can read at runtime.  Storage and Settings.

    There no "#include" type functionality for source. You could have the key in it's own mc file say key.mc with just this:

    var key="hello world";

  • Former Member
    0 Former Member over 5 years ago in reply to jim_m_58

    Isn't the app settings for user facing settings? The API key would be something the developer puts in before compiling.

  • Former Member
    0 Former Member over 5 years ago in reply to jim_m_58

    The key.mc idea seems promising. How could I access the val defined in key.mc from other .mc files?

  • 0 over 5 years ago in reply to Former Member

    It's a global.

    So you could do System.println("key=+key); anywhere.

    It's got be a .mc file but the actual name doesn't matter.

  • 0 over 5 years ago in reply to Former Member

    If you choose the .mc mechanism that means everyone has to compile the app to use it. If you use the settings mechanism then that would also allow people to install the compiled app and provide the api key separately.

  • 0 over 4 years ago

    I'd use a json resource file. The Programmer's Guide on JsonData resources covers the details, but at the high level, I'd create a resources/jsonData.xml (you can name it whatever you want) that looks something like this..

    <resources>
    <jsonData id="jsonSecrets" filename="secrets.json"/>
</resources>

    Then I'd create a resources/secrets.json.template file that looked like this:

    {
    "apiKey": "insert your api key here"
}

    This file would get put in your repo for users. I'd make a copy of resources/secrets.json.template named resources/secrets.json, fill that file out with my secret information, and add it to my .gitignore file.

    To load the secret data, you'd do this in code..

    var jsonSecrets = Application.loadResource(Rez.JsonData.jsonSecrets);

// jsonSecrets["apiKey"];

    Finally, I'd add a blurb to my README that told users to copy the file, fill it out, and add it to their .gitignore when cloning your project.

    You could avoid the separate json file and just put it directly into a .xml file as either a string resource or a json resource, that would work just as well.

    Also just note that the JsonData functionality is only available to devices with ConnectIQ 2.4.x support, but that should cover most anything you're going to write a new application for.

  • Former Member
    0 Former Member over 4 years ago in reply to Travis.ConnectIQ

    Thanks for the detailed explanation! That sounds like a very good approach.