Is there a well-known, accepted method to safeguar...
# android
y
Is there a well-known, accepted method to safeguard the private keys (such those for AWS or Stripe) in the project so they won't leak without permission?
not kotlin but kotlin colored 2
f
Never store private keyes in your app. There are ways to hide/obfuscate the keys but there is always a way for attacker to access them. Also not kotlin but kotlin colored
y
can you suggest any tool or something?
f
Try hidden-secrets-gradle-plugin but again, nothing is secure when present in installation APK
y
can we use secret manager or vault such as Google secret manager or Hashicorp vault?