SpacePod 17 - App Secrets


Lot’s of ways to do this, and all of them have drawbacks. We are doing it this way to keep things simple. Warning, this approach is simple, but the api key will in plaintext in the app bundle!!!


Other Methods

  1. Environment setting
  2. CI/CD
  3. Shared iCloud database
  4. Bypass the API altogether


  1. Use your api key instead of the demo key
  2. Make sure we don’t check our api key into the repo


  1. Update Network.swift
  2. Create .gitignore
  3. Copy & paste from github
  4. Add Secrets.json to .gitignore?
  5. Add Secrets.json to project and target
  6. Create Secrets.swift model
  7. Load apiKey from Secrets.txt ?? DEMO_KEY


  1. New Group “Models”
  2. New Type Secret
import Foundation

struct Secret: Codable {
    let apiKey: String


var toSecret: Secret? {
    let decoder = JSONDecoder()
    decoder.keyDecodingStrategy = .convertFromSnakeCase
    return try? decoder.decode(Secret.self, from: self)

Update Network

Delete getString() & getPod()

import Foundation

class Network {

    let baseUrl = ""
    let apiKey = "?api_key=" + ( "Secrets", withExtension: .json)?.toSecret?.apiKey.description ?? "DEMO_KEY")

    func getPods() async -> [Pod]? {
        let url = URL(string: "\(baseUrl)\(apiKey)&count=20")!
        do {
            let request = URLRequest(url: url)
            print("🌎 request: " + request.debugDescription)
            let (data, response) = try await request)
            print("🌎 response: " + response.debugDescription)
            return data.toPods
        catch {
            print("🌎 error: " + error.localizedDescription)
            return nil

Create .gitignore

  1. Add a new empty file at the root of the project and name it “.gitignore”. Be sure to notinclude it in our target.
  2. Copy and paste the contents of Swift.gitignore into .gitignore.
  3. Add Secrets.json to .gitignore
# Project

Add Secrets.json

  1. Select the project
  2. Right click to create a new file named Secrets.json
  3. Be sure to include it with SpacePod target
  4. Add the following json
  5. Be sure to change apiKey to your api key from and save
	"api_key" : "PASTE_YOUR_API_KEY_HERE"