This is a set of changes proposed for the management of secrets in our apps.
The solution takes the system environment into the Info.plist of the app's target to be consumed later from the Secret enum.
The process consists of several steps:
The environment variables are available in our system's shell.
This is done automatically by our CI/CD platforms after you configure the env vars correctly.
Locally this can be done with export ENV_VAR=value. This is optional for local development; you could use a pre-filled secrets.dev.xcconfig.
The keys.env file contains all the environment keys we need for the project.
The setup-env script takes the env vars from the system and writes them to the secrets.xcconfig file.
The script takes two parameters: one is the source of the keys required (keys.env as default) and the other one is the output xcconfig file.
The setup-env.sh is configured with the default parameters for ios-base for convenience.
The secrets.xcconfig file is committed empty to the repository and must continue that way. It is a requirement for the build to succeed. After that, it is added to the .gitignore and will be written only by the script in the CI/CD.
Once the secrets.xcconfig file is filled (or secrets.dev.xcconfig for debug), the new key can be added to the Info.plist of the app's target.
The Secret.Key enum represents the env keys used in the application.
You use it like: try? Secret.value(for: .facebookKey) in the code.
This is a first version of the secrets management; ideally all this is moved into its own project along with init.swift.
Resolves #203
Risk:
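A sketch of the setup-env step described above, as an added example and not the project's own setup-env.sh. It assumes keys.env lists one variable name per line; the function name write_secrets_xcconfig and its fail-closed behaviour are choices made for this example.

```shell
#!/bin/sh
# Added example, not the project's setup-env.sh.
# Assumption: keys.env holds one variable name per line; blank lines and
# lines starting with '#' are skipped.
# Usage: write_secrets_xcconfig [KEYS_FILE] [OUT_FILE]
# Returns 1 (and leaves OUT_FILE untouched) if any key is invalid or unset.
write_secrets_xcconfig() {
    keys_file=${1:-keys.env}
    out_file=${2:-secrets.xcconfig}
    [ -r "$keys_file" ] || { echo "cannot read $keys_file" >&2; return 1; }
    # mktemp creates the file with mode 0600, so other users cannot read it.
    tmp=$(mktemp "${out_file}.XXXXXX") || return 1
    nl='
'
    failed=0
    while IFS= read -r key || [ -n "$key" ]; do
        case $key in
            ''|'#'*) continue ;;
            # Plain identifiers only, so a keys.env line cannot inject
            # shell syntax into the eval below.
            [!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "invalid key name in $keys_file" >&2; failed=1; continue ;;
        esac
        eval "value=\${$key-}"
        case $value in
            '')      echo "missing env var: $key" >&2; failed=1; continue ;;
            # A newline would let a value add extra build settings.
            *"$nl"*) echo "newline in value of $key" >&2; failed=1; continue ;;
        esac
        # Names go to stderr on failure; values are only ever written here.
        printf '%s = %s\n' "$key" "$value" >> "$tmp"
    done < "$keys_file"
    if [ "$failed" -ne 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out_file"   # replace the output only once it is complete
}
```

xcconfig treats `//` as the start of a comment, so URL-valued secrets need escaping before they are written this way.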