My app (Flutter-based) that I’m willing to publish on F-Droid uses secrets that are used at runtime of the app.
The secrets get generated at build time (using secrets.json locally & environment vars in GitHub Actions) & used at runtime. So I need a way to pass these secrets as ENV variables or any other way at build time on the F-Droid server.
What linsui meant actually: you can’t have secrets on F-Droid, everything needs to be in the open, in the source repo. Once there, they’re not secrets anymore… just “keys” or whatever you call them.
F-Droid does not sign up for any API keys. Even if provided by a third party, we include them in both binary and source code releases.
ClientId or API Keys are fine to include as they’re intended to be seen by everyone. But my application also has to have a ClientSecret for its functionality & that is not something I can push upstream. It can be a security risk for my users.
Is there any way to store this kind of secret & pass it only in the build without letting everyone know?
And you need a secret thing for what exactly? Who needs that, you the dev or the user using it? E.g. can the user ask Spotify for such a secret and insert it in your app in Settings?
Yeah, my app has the ability to save a user-provided client id & secret, but that’s only needed when the user is willing to log in with his/her account.
But by default my app would use some pre-generated client id & secret to provide an anonymous experience without needing an actual Spotify account.
@Licaon_Kter I know it can be done. But it’s difficult. Not everyone can do that. At least, it is better than keeping it completely open to everyone, because now everyone can see it.
@KRTirtho unzip and strings are not very difficult.
Otherwise you can run enjarify and jad if necessary.
If your service crumbles because someone has an API key, something is fundamentally broken with your service.
If you need to share accounts across multiple users, then look at the cookiejar made by Yalp that is currently used by Aurora as already mentioned above.
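The point made in the thread, that a value injected at build time is still readable in the shipped APK, can be checked against your own release artifact before publishing. The script below is an added example, not part of any post above; the credential values, the entry names and the sample APK are constructed, and it also checks a base64-encoded copy to show that simple encoding does not change the outcome.

```python
import base64
import io
import re
import zipfile

# Constructed sample values standing in for secrets.json entries; not real credentials.
BUILD_VALUES = {
    "CLIENT_ID": "a3f1c9d27b5e4086a3f1c9d27b5e4086",
    "CLIENT_SECRET": "9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b",
}

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # roughly what `strings` reports


def build_sample_apk() -> bytes:
    """Constructed stand-in for a release APK: a zip with a native library blob."""
    secret_b64 = base64.b64encode(BUILD_VALUES["CLIENT_SECRET"].encode())
    blob = (b"\x7fELF\x02\x01\x01\x00" + bytes(range(32))
            + BUILD_VALUES["CLIENT_ID"].encode() + b"\x00\x07"
            + secret_b64 + b"\x00\xff\xfe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00manifest")
        apk.writestr("lib/arm64-v8a/libapp.so", blob)
    return buf.getvalue()


def find_build_values(apk_bytes: bytes, values: dict) -> list:
    """Return sorted (entry, name, form) for every build value readable in the APK."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.namelist():
            # Entries are decompressed first, as `unzip` would do.
            runs = PRINTABLE_RUN.findall(apk.read(entry))
            for name, value in values.items():
                forms = {"plain": value.encode(),
                         "base64": base64.b64encode(value.encode())}
                for form, needle in forms.items():
                    if any(needle in run for run in runs):
                        hits.add((entry, name, form))
    return sorted(hits)


if __name__ == "__main__":
    # Report by name only, so the check itself never prints the values.
    for entry, name, form in find_build_values(build_sample_apk(), BUILD_VALUES):
        print(f"{name} readable in {entry} ({form})")
```

Run against a real build by passing the APK's bytes and the values from your own secrets.json; any hit means the value ships to every user regardless of how it reached the build.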