Epic Online Services Config

[en3erw]

I'm facing a challenge related to the EpicOnlineServicesConfig.json file, which is automatically generated and contains clientSecret and clientID keys. During the game build process, this file is placed in the StreamingAssets/EOS directory, subsequently ending up on the user's machine.

In order to secure these sensitive values, I am exploring options to encrypt them or alternatively, incorporate them as arguments within the game (please note we already have SandboxID and DeploymentID overridden).

I have delved into the parsing of these values and found that the EOSManager creates an EOSConfig class using the parsed JSON. However, making changes here appears unfeasible as the EOSManager resides in the packages folder, which auto-regenerates.

I would greatly appreciate any guidance on securing the clientSecret and clientID from potential exposure.

[andrew-hirata-playeveryware]

Hello @en3erw,

Because of how the EOS SDK bootstraps on standalone Windows builds, the configuration and creation of the EOS Platform interface has to happen in native code before Unity finishes starting up. Because of that, the values need to be visible to native code, hence why they are in Streaming Assets. Additionally, the values are not that sensitive, so not much effort has been taken to obfuscate them.

That being said, this plugin is open source, so it's 100% possible to implement your own encryption if you do decide to do so.
Be aware though, that due to when this code has to run, your solution will need to be written in C / C++, and can't use any of the niceties of the Unity engine. You'll also need to setup that environment, which usually means setting up Visual Studio, along with acquiring a license for that if you need one.

For more details, see this document