search

Esri / data-collection-ios

Mobile data collection app using the iOS Runtime SDK.
https://developers.arcgis.com/
Apache License 2.0
25 stars 26 forks source link

Hotfix: App Secrets #244

Closed esreli closed 4 years ago

esreli commented 4 years ago

This PR is an attempt to resolve https://github.com/Esri/data-collection-ios/issues/229 once and for all.

This technique uses Xcode Environment Variables to store sensitive keys, supplying these keys at build time. The main benefit is that this technique removes sensitive keys from version control. The main drawback is that this technique requires an additional step before new users can run the application.

esreli commented 4 years ago

I've given this technique more thought and it will not satisfy our needs. I had mistakenly believed the parameters were packaged with the app and sent at runtime, even on device. Something felt a bit off here and so I looked into it a bit deeper. I have confirmed that sending environment variables from an Xcode scheme is limited to the owner of the scheme. This technique will not transfer outside of a dev or CI environment and into production. Closing.

jf990 commented 4 years ago

@esreli well, it appeared promising 🤷‍♂️

esreli commented 4 years ago

@jf990 @nixta i've submit a second attempt to solve this problem that uses values stored in a file rather than Xcode Environment variables.

https://github.com/Esri/data-collection-ios/pull/246