I have an iOS app that I'm about to open source. I don't want to include my key and secret in the Run Script code when the the app is live for everyone to look at, fork, download etc. for obvious reasons.
What is the best way to still use Fabric/Crashlytics but also keep those keys secure so that only those who can deploy the app have access to those credentials?
Here's a way:
1 - Store fabric keys in a local file.
<apiKey>
<secretKey>
2 - In your cocoa pods run script phase (under Build Phases in Xcode), have your script grab the api key and secret key from the local file.
apiKey=$(sed -n '1p' < localFile.txt)
secretKey=$(sed -n '2p' < localFile.txt)
3 - Use PlistBuddy in the cocoa pods run script phase to set the API Key into your Info.plist file. Something like this:
/usr/libexec/PlistBuddy -c "Set :Fabric:APIKey string $apiKey" $(PROJECT_DIR)/Info.plist
4 - Call the cocoa pods run command.
"${PODS_ROOT}/Fabric/run" $apiKey $secretKey
Edit: full script
apiKey=$(sed -n '1p' < localFile.txt)
secretKey=$(sed -n '2p' < localFile.txt)
/usr/libexec/PlistBuddy -c "Set :Fabric:APIKey string $apiKey" $(PROJECT_DIR)/Info.plist
"${PODS_ROOT}/Fabric/run" $apiKey $secretKey
NOTE -
$(PROJECT_DIR)/Info.plist may not be the correct path for your particular project.