Gradle: don’t store API keys and DB information in versioned files

I’m working on an Android app (both client and server) and I’m using Gradle in both projects. Storing sensitive information (like the Google Maps API Key) in a properties file sound good, but then I realize that this information should not be in the Git repository, so I start looking for a better way to do this.

I have this project structure (using java plugin for Gradle):

Captura de pantalla 2016-08-06 a las 19.21.32

Before

# src/main/resources/application.properties
google.maps.api.key = thisisthegooglemapsapikey
# src/main/resources/database.properties
db.driver=com.mysql.jdbc.Driver
db.url=jdbc:mysql://localhost:8889/db
db.username=user1234
db.password=pass1234
# src/main/resources/logback.xml
<property name="LOG_PATH" value="/Users/melorriaga/Developer/logs" />
<appender name="FILE-AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>${LOG_PATH}/debug.log</file>
    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
        <Pattern>
            %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n
        </Pattern>
    </encoder>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
        <!-- rollover daily -->
        <fileNamePattern>${LOG_PATH}/archived/debug.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
        <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
            <maxFileSize>10MB</maxFileSize>
        </timeBasedFileNamingAndTriggeringPolicy>
    </rollingPolicy>
</appender>

(I’m using LOG_PATH to store application logs in a specific place)

After

First, we need to create a file called gradle.properties, and place it at the root of the project (the same location of your build.gradle file). Another option is to place that file inside USER_HOME/.gradle directory. Inside this new file, add your sensitive information:

# API keys 
GOOGLE_MAPS_API_KEY = thisisthegooglemapsapikey

# database
DB_URL = jdbc:mysql://localhost:8889/db
DB_USERNAME = user1234
DB_PASSWORD = pass1234

# logging 
LOG_PATH = /Users/melorriaga/Developer/logs

Inside build.gradle, we can use the processResources task (from the java plugin) to alter both properties and xml files inside resources directory.

import org.apache.tools.ant.filters.ReplaceTokens
processResources {
    filesMatching("logback.xml") {
        expand(["LOG_PATH":LOG_PATH])
    }
    filter ReplaceTokens, tokens: [
            "DB_URL": DB_URL,
            "DB_USERNAME": DB_USERNAME,
            "DB_PASSWORD": DB_PASSWORD,
            "GOOGLE_MAPS_API_KEY":GOOGLE_MAPS_API_KEY
    ]
}

Finally:

# src/main/resources/application.properties
google.maps.api.key=@GOOGLE_MAPS_API_KEY@
# src/main/resources/database.properties
db.driver=com.mysql.jdbc.Driver 
db.url=@DB_URL@ 
db.username=@DB_USERNAME@ 
db.password=@DB_PASSWORD@
# src/main/resources/logback.xml
<property name="LOG_PATH" value="$LOG_PATH" />
<appender name="FILE-AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>${LOG_PATH}/debug.log</file>
    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
        <Pattern>
            %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n
        </Pattern>
    </encoder>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
        <!-- rollover daily -->
        <fileNamePattern>${LOG_PATH}/archived/debug.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
        <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
            <maxFileSize>10MB</maxFileSize>
        </timeBasedFileNamingAndTriggeringPolicy>
    </rollingPolicy>
</appender>

Now, both API keys, DB information, and logs location are not hardcoded in project files.

P.S.: Don’t forget to add gradle.properties inside .gitignore file!

Advertisements
Gradle: don’t store API keys and DB information in versioned files

One thought on “Gradle: don’t store API keys and DB information in versioned files

  1. I was extremely pleased to find this website. I sought to be thankful for for your valuable time, for this mafengicnit reading!! I am surely loving every little bit of info and I have you book marked to check out new stuff you post.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s