Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

securing Google Maps key #1596

Merged
merged 2 commits into from
Mar 31, 2021
Merged

securing Google Maps key #1596

merged 2 commits into from
Mar 31, 2021

Conversation

tolot27
Copy link
Collaborator

@tolot27 tolot27 commented Jan 8, 2021
edited
Loading

This PR can read the Google Maps key from the Gradle project properties or an environment variable.

Rationale: Currently, the Google Maps keys are stored as resource string variables in two files in the debug and release output directory res/values/google_maps_api.xml , redundantly.
Creating a new build type results in a build error until google_maps_api.xml is duplicated again. Since the key is identical for all builds, it can be stored centrally.

In general, it is a good practice to exclude keys from public repositories. This is not the case with xDrip. With this PR, it is easy to externalize the key from app/gradle.properties and store a newly generated key into an environment variable or a project or local property (local.properties file). It is also possible to set it using gradle -Pgoogle_maps_key='<key>' or specify it in .travis.yml in the env section, possibly as encrypted variable.

@tolot27 tolot27 added code:quality code and repository related security labels Jan 8, 2021
@tolot27 tolot27 changed the title Secure keys securing Google Maps key Jan 8, 2021
This was referenced Jan 8, 2021
Closed
Merged
@tolot27 tolot27 requested a review from jamorham January 12, 2021 19:10
@tolot27 tolot27 added the next-build PRs to consider for the next build. label Jan 12, 2021
@tolot27
Copy link
Collaborator Author

tolot27 commented Jan 13, 2021

rebased on current master (35c786c)

jamorham
jamorham approved these changes Mar 31, 2021
View reviewed changes
Copy link
Collaborator

@jamorham jamorham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good thanks.

@jamorham jamorham merged commit 38fee03 into master Mar 31, 2021
@tolot27 tolot27 removed the next-build PRs to consider for the next build. label Apr 13, 2021
@tolot27 tolot27 deleted the secure_keys branch January 4, 2022 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamorham jamorham jamorham approved these changes

Assignees
No one assigned
Labels
code:quality code and repository related security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tolot27 @jamorham