https://kotlinlang.org logo
#android
Title
# android
y

Yashwant Gowla

09/29/2023, 8:38 AM
Is there a well-known, accepted method to safeguard the private keys (such those for AWS or Stripe) in the project so they won't leak without permission?
not kotlin but kotlin colored 2
f

Filip Wiesner

09/29/2023, 9:21 AM
Never store private keyes in your app. There are ways to hide/obfuscate the keys but there is always a way for attacker to access them. Also not kotlin but kotlin colored
y

Yashwant Gowla

09/29/2023, 10:02 AM
can you suggest any tool or something?
f

Filip Wiesner

09/29/2023, 10:06 AM
Try hidden-secrets-gradle-plugin but again, nothing is secure when present in installation APK
y

Yashwant Gowla

09/29/2023, 10:07 AM
can we use secret manager or vault such as Google secret manager or Hashicorp vault?