Securing Your Keys with Gradle Variables

How Gradle variables and gitignore can save you from the pain of managing private keys.

Photo by Moja Msanii on Unsplash

Oftentimes I find myself in a situation where I have made a fine-looking app that I want to share with the open source world, but worry that my app code contains several keys and IDs that might get misused.

At other times, there is this situation where I have to deploy an app to production using a particular that is different from the current that I am using for development.

Both of these cases always bug me, and I was looking for a solution to them for quite a while. Recently I came across this GitHub repo whose Gradle file made me curious to research and share my findings.

I found that there are a lot of ways to handle such problems, but the simplest way would need just changes in the file, and the file using something called Gradle Variables.


So just to summarize, here is a hypothetical scenario:

  1. I am using a particular key (say ) that would be used to access a particular news server. I want to share my app on GitHub, but that key is precious to me and if misused, might cost me.
  2. I also bought a premium plan of that news server and now I have an even more precious key (say ). I only want to use this key in my release build, and nowhere else.

Both of these cases are handled pretty well by Gradle variables.

Some Practical implementation.

We can manage our keys using Gradle variables in only 3 simple steps:

  1. We create a folder in project root say and add some properties files:

For debug, we add the following content in file:

KEY_USER = "o1234abcd"

For release, we add in file:

KEY_USER = "p1234abcd"

The repository would look something like this.

  2. Then we access the variables from properties file in

  3. Then we can simply access the keys in an activity or anywhere else using the following code (note: you would need to rebuild your project before this segment works):

val key = BuildConfig.KEY_USER

And you are done! The next time you sign your app and create a release version, the from the file will automatically get picked for the signed app, while the debug key from the file would be used every time you create a build using the top green arrow.

If you want to share your code on a public git-based platform, like GitHub or GitLab, but don't want to share your keys, then you can simply add the line in a file. This will let git know that the content in folders does not need to be pushed to the repo.
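One way to write step 2 in the app module's build.gradle, as an added example rather than the author's own script. The folder name keys/, the file names debug.properties and release.properties, and the loadKey helper are assumptions made for illustration.

```groovy
// app/build.gradle (Groovy DSL). Added example; folder and file names are assumed.
// Assumed layout: <project root>/keys/debug.properties and keys/release.properties,
// each holding a line such as: KEY_USER = "o1234abcd"
// Assumed .gitignore entry that keeps both files out of the repo: keys/

// Hypothetical helper: read one key from a file in the assumed keys/ folder and
// fail the build with a clear message if the file or the key is missing,
// which is what a fresh clone without the ignored folder will hit.
def loadKey = { String fileName, String name ->
    def file = rootProject.file("keys/${fileName}")
    if (!file.exists()) {
        throw new GradleException("Missing ${file}: create it locally, it is not in git")
    }
    def props = new Properties()
    file.withInputStream { props.load(it) }
    def value = props.getProperty(name)
    if (value == null || value.trim().isEmpty()) {
        throw new GradleException("${name} is not set in ${file}")
    }
    return value.trim()
}

android {
    // Needed on Android Gradle Plugin 8.0 and later, where BuildConfig
    // generation is off by default.
    buildFeatures {
        buildConfig true
    }

    buildTypes {
        debug {
            // The value keeps the quotes from the properties file, so it is
            // already a valid Java string literal for the generated field.
            buildConfigField "String", "KEY_USER", loadKey("debug.properties", "KEY_USER")
        }
        release {
            buildConfigField "String", "KEY_USER", loadKey("release.properties", "KEY_USER")
        }
    }
}
```

Values placed in BuildConfig are compiled into the APK as plain string constants, so this keeps keys out of the repository, not out of the shipped app.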

End Notes

That’s all folks! I have also created a sample repo here and included some links for more info. Do press that👋 if you liked it. Suggestions and discussions are always welcome in the comments!

This is Ansh Sachdeva Signing off👋

