This repo contains files related to the way application secrets are managed in our iOS apps.
Application secrets are stored in an JSON document outside of an app's source control so they are not accidentially commited. The included files read the secrets from the JSON document and compose application code defining the secrets from templates.
Follow these steps to configure application secret management in an iOS app. It is assumed your project is organized with a top level workspace folder containing a project folder for the app. If your app has a different structure you'll need to modify file paths accordingly.
If the app uses our secrets reppository,
- Navigate to
~/.mobile-secrets/iOS/
- Create a new folder for your app and add a JSON file with your apps secrets.
- Commit the changes and push them to trunk.
- Copy the
Scripts/build-phases
folder from this repo into the root of your app’s workspace folder. - Copy the
Credentials
folder from this repo into the root of your app’s project folder. - Navigate to
Credentials/Templates
in Finder. Copy theTemplates
folder, and paste a new copy in your app's project folder. RenameTemplates
toDerivedSources
. RenameDerivedSources/ApiCredentials-Template.swift
toDerivedSources/ApiCredentials.swift
and renameDerivedSources/InfoPlist-Template.h
toDerivedSources/InfoPlist.h
- Open your Project in Xcode.
- Select
File > Add Files
and add theCredentials
folder to your project. - Edit the following files to have placeholders for the secrets your app needs:
ApiCredentials.tpl
InfoPlist.tpl
Templates/ApiCredentials-Template.swift
Templates/InfoPlist-Template.h
- If you included a reference to the
Credentials/Templates
folder remove the reference (but do not delete) from your project. Leaving it will cause build errors later.
This next part might be a little tricky. We need to create a reference to a DerivedSources
folder that's located in the build folder as opposed to the project folder.
- Select
File > Add Files
and add theDerivedSources
folder to your project. Make sure this is added as a Group and not a Folder Reference. - Select the
DerivedSources
folder. Right click and choose Show File Inspector. - In the Identity and Type panel, change the Location dropdown to be Relative to Build Products
- Tap the folder icon below the drop down.
- Navigate to
/Users/you/Library/Developer/Xcode/DerivedData/your-app/Build/Products
. - Create a new folder and name it
DerivedSources
. - Select the folder.
Your project reference to DerivedSources should now point to the folder in the build directory. You can safely open Finder and remove the DerivedSources
folder from your project folder.
- Open your project’s build settings.
- Add a user defined setting named
SECRETS_PATH
whose value is the path to your secrets file. Example:$HOME/.mobile-secrets/iOS/your-app/your-secrets.json
- Add a new Cross-platform Aggregate target named
GenerateCredentials
- Add a new Run Script build phase to the
GenerateCredentials
target. - Under
Shell
add$SRCROOT/../Scripts/build-phases/generate-credentials.sh
- Under
Input Files
add the following:
$(SRCROOT)/Credentials/replace_secrets.rb
- Under
Output Files
add the following:
$(BUILT_PRODUCTS_DIR)/../DerivedSources/ApiCredentials.swift
$(BUILT_PRODUCTS_DIR)/../DerivedSources/InfoPlist.h
- Open your application target’s build phases.
- Select
Target Dependencies
and add theGenerateCredentials
target.
- Build and Run. Confirm your app works as expected.
Bonus: Inspect your application's build directory. Find the DerivedSources folder and confirm it contains your credential files.