Where to store API keys on Swift?

Prabhu picture Prabhu · Feb 18, 2017 · Viewed 15.3k times · Source

I have a bunch of API keys and secrets (Stripe, Cloudinary etc), that are currently hard coded in my app. Where is the right place to store them? Should they be in the server, and I just store the server URL at my end (so that if the keys changes, the app continues to work)?

for example, I have this in my app delegate file:

    func configureStripe(){
            STPPaymentConfiguration.sharedConfiguration().publishableKey = "pk_test_1234rtyhudjjfjjs"         

STPPaymentConfiguration.sharedConfiguration().appleMerchantIdentifier = "merchant.com.myapp"
    }

Answer

Tim picture Tim · Oct 22, 2020

There are many tools to store secret keys.

  1. https://nshipster.com/secrets/
  2. https://www.freecodecamp.org/news/how-to-securely-store-api-keys-4ff3ea19ebda/

If personal project, I typically go with xccconfig and just ignore that file in git but with teams this can be quite hard.