![\"Xcode](\"https:\/\/img.shields.io\/badge\/Xcode-7.3-blue.svg?style=flat\")
![\"Swift](\"https:\/\/img.shields.io\/badge\/Swift-2.2-orange.svg?style=flat\")
<\/p>\n <\/p>\n
You’ve written an open source application for demonstration or illustrative purposes, and your application requires REST API keys for services such as Facebook, Twitter, Wunderground, or Parse or… You get the idea. How do you submit your application to Github for others to use without exposing your own API keys? I can’t take credit for the original idea, but here’s a Swift take on technique described by Mike Lazer-Walker<\/a>.<\/p>\n We’ll be using iOS property list<\/i> files and a Swift wrapper. The highlights here are that we are not<\/i> checking our property list into source control (Git), but our project will reference a file called Note:<\/b> This technique we are using here is specific to The general technique is to add a and then, to create a [code] Once we have that we need a clean mechanism for obtaining the values for our keys. This is done through a utility file in Swift (we call it The code is straightforward and meant to be called like this:<\/p>\n The routine looks for the It should be pointed out that what this code does not do<\/i> is in any way obfuscate the contents of the Now, let’s look at the specifics on how to use this technique in your Swift projects.<\/p>\n Step 1.<\/b> Add This is important; failure to do so will cause Xcode to try to automatically add your Step 2.<\/b> Create You can either create To create Also ensure that the file is included in your application target.<\/p>\nApiKeys.plist<\/code>. If you download the project from Bitbucket<\/a> and try to run you’ll get an error because the file ApiKeys.plist<\/code> is missing. This is where you create your own ApiKeys.plist<\/code> and put in your own API keys.<\/p>\ngit<\/code>. If you are using a different revision control system<\/a> look up the feature for how to ignore certain files in your source tree (for example, in Subversion you would use the svn:ignore<\/code> property).<\/p>\n.gitignore<\/code> file to the root directory of our project and add the following line:<\/p>\n\nApiKeys.plist\n<\/pre>\n
ApiKeys.plist<\/code> local to your machine with something similar to the following content:<\/p>\n
\n<?xml version="1.0" encoding="UTF-8"?>
\n<!DOCTYPE plist PUBLIC "-\/\/Apple\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
\n<plist version="1.0">
\n<dict>
\n\t<key>API_CLIENT_ID<\/key>
\n\t<string>MyAPIClientID<\/string>
\n <key>API_SECRET<\/key>
\n <string>MyAPISecret<\/string>
\n<\/dict>
\n<\/plist>
\n[\/code]<\/p>\nApiKeys.swift<\/code> for simplicity) with the contents:<\/p>\n\nimport Foundation\n\nfunc valueForAPIKey(named keyname:String) -> String {\n \/\/ Credit to the original source for this technique at\n \/\/ http:\/\/blog.lazerwalker.com\/blog\/2014\/05\/14\/handling-private-api-keys-in-open-source-ios-apps\n let filePath = NSBundle.main().path(forResource: \"ApiKeys\", ofType: \"plist\")\n let plist = NSDictionary(contentsOfFile:filePath!)\n let value = plist?.object(forKey: keyname) as! String\n return value\n}\n<\/pre>\n\nlet clientID = valueForAPIKey(keyname:\"API_CLIENT_ID\")\n<\/pre>\n
ApiKeys.plist<\/code> file in the application’s resource bundle, loads it as an NSDictionary<\/code> and then looks up the value for the given key as a String<\/code>.<\/p>\nplist<\/code>. That is, your iOS binary will have the keys included in the resource bundle and could<\/i> be extracted by someone intent on getting at them.<\/p>\nApiKeys.plist<\/code> to your .gitignore<\/code> file<\/p>\nplist<\/code> file to revision control. We don’t want that.<\/p>\nApiKeys.plist<\/code><\/p>\nApiKeys.plist<\/code> by hand or use Xcode to create it. Just make sure that you’ve added ApiKeys.plist<\/code> to your .gitignore<\/code> file!<\/p>\nApiKeys.plist<\/code> use File – New – File<\/b> in Xcode and create a Resource<\/b> file of type Property List<\/b>. Select Next<\/b> and name the file ApiKeys<\/code> (the plist<\/code> file type will be created automatically). If you name it something other than what you put in your .gitignore<\/code>, it will get added to revision control, which is not what you want.<\/i>.<\/p>\n![\"createPropertyList\"](\"https:\/\/dev.iachieved.it\/iachievedit\/wp-content\/uploads\/2014\/11\/createPropertyList.png\")
<\/a><\/p>\n
![\"addApiKeysFile\"](\"https:\/\/dev.iachieved.it\/iachievedit\/wp-content\/uploads\/2014\/11\/addApiKeysFile.png\")
<\/a><\/p>\n![\"SetAPICLIENTID\"](\"https:\/\/dev.iachieved.it\/iachievedit\/wp-content\/uploads\/2014\/11\/SetAPICLIENTID.png\")
<\/a><\/p>\n