Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Scott Taylor
7,089 PointsHiding API Credentials in GitHub (for Xcode 5 projects)
Hi all, quick question - how do you hide sensitive data within an Xcode project (e.g. API access keys etc) when you want to upload a project to GitHub?
Thanks so much
4 Answers
Stone Preston
42,016 Pointsok so what I did was create a new plist in my app by selecting new -> file -> resource -> property list and named it Keys. then I added two string values to the root called parseApplicationId and parseClientKey and pasted in my parse ApplicationId and my parse client key as the two values. then in my app delegate where I had previously hardcoded the values i used:
NSDictionary *dictionary = [NSDictionary dictionaryWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"Keys" ofType:@"plist"]];
NSString *applicationId = [dictionary objectForKey:@"parseApplicationId"];
NSString *clientKey = [dictionary objectForKey:@"parseClientKey"];
//add your parse keys here
[Parse setApplicationId:applicationId
clientKey:clientKey];
and placed Keys.plist in my .gitignore file (although currently its not ignoring so ill have to figure that out)
edit: it wasnt ignoring the file because I had already added my Keys.plist to my repo, I had to untrack it using git rm --cached Keys.plist then commit and push
Stone Preston
42,016 PointsI was thinking of maybe having a file that holds the keys then reading them from that file in my app, but placing that file in gitignore so it doesnt get pushed up with everything else
Amit Bijlani
Treehouse Guest TeacherYep exactly how I would do it. Add the keys to a plist or constants file and then add that file to the gitignore. You might want to note that in your readme so anyone else downloading your repo knows what's going on.
Scott Taylor
7,089 PointsAmit Bijlani, very basic question but how would you go about referencing the file? To continue the Ribbit example, how would I pull the Parse API credentials out of the AppDelegate.m and then reference to the file that now has them? Thanks so much for any help.
Amit Bijlani
Treehouse Guest TeacherLooks like Stone Preston beat me to it ;)
Scott Taylor
7,089 PointsYep, that seems to be the approach taken for web apps... however, I wasn't too sure how to go about creating the file..
Stone Preston
42,016 Pointsi just asked the question on SO so ill see if anyone replies
Luke Schoen
3,317 PointsThanks for this very useful discussion. I realised that my Parse.com account was being compromised when I found that a random User email had being added to my Friends list in my Database. Now that someone or many people know my API key and ID I'm trying to work out how to change them with Parse.com They say to contact them if you're account has been compromised, but they only have discussion boards on their website.
Stone Preston
42,016 Pointsif your app is still in development I would just delete your current app on parse and create a new one. Use the plist method detailed above with your new API keys. Then commit and push back up to your repo.
Stone Preston
42,016 PointsStone Preston
42,016 Pointsi was just about to ask this! I want to have my project on github but I dont want people to be able to use my parse keys. maybe Ben Jakuben or Amit Bijlani could provide some input?