Jim Bennett

Senior Cloud Developer Advocate at Microsoft, Xamarin Certified Developer, author of Xamarin In Action, blogger, speaker, father and lover of beer, whisky and Thai food. Opinions are my own.

  Reading, UK

See me soon at:

Techorama NL
Expert Day For Xamarin
Caribbean Developers Conference

My book:

Xamarin In Action

My podcast:

The Jim And Tonic Show
The Jim And Tonic Show on iTunes

Contact me:

  Xamarin In Action
  Twitter
  The Jim And Tonic Show
  GitHub
  LinkedIn
  YouTube
  Email
  CV

I've been working on a Xamarin app using Azure Cognitive Services to do image recognition, and one of the stumbling blocks I've faced is what to do with my API keys. I want to make the app open source as an example of how to use these services, but don't want to check my API keys into Git to be available to all - after all, bad things can happen.

I hit up twitter, and got a really awesome solution from Bart Lannoeye:

This is exactly what I did, and it works perfectly. I've created a static class called ApiKeys which contains all my keys using "Your Key Here" values:

public static class ApiKeys  
{
  public static string PredictionKey = "<Your API Key>";
  public static Guid ProjectId = Guid.Parse("<Your Project GUID>");
}

I then added this to Git and commited. After my commit I ran:

git update-index --assume-unchanged ./ApiKeys.cs  

Done. I can then change the values to my actual API keys and Git doesn't see the change.

Obviously if I need to add any more keys to this file I'd have to revert this change, remove all keys, add the new one with a "your key" type value, commit, re-run the update-index and put the keys back. A bit of work, but at least no worries about anyone abusing my API limits!

Thanks Bart!


Update - how to tell users what they need to do with this code

I've just had another great suggestion from Brandon Minnick, a fellow CDA here at Microsoft. He suggests adding a #error to the keys file so that when someone grabs the code and builds it they get an error telling them what to do, rather than a crash when the app is run:

public static class ApiKeys  
{
#error You need to set up your API keys.
  // Start by registering for an account at https://customvision.ai
  // Then create a new project.
  // From the settings tab, find:
  // Prediction Key
  // Project Id
  // and update the values below
  public static string PredictionKey = "<Your Prediction Key>";
  public static Guid ProjectId = Guid.Parse("<Your Project GUID>");
}

Update 2 - how to fix it if you forget and add your keys

Another great tip from Brandon Minnick is the BFG Repo-CLeaner. If you accidentally checked in some API keys, this tool can remove them from the Git history.

Obviously it could be too late by the time you realize, so if you check any API keys in to a public repo you MUST regenerate them as there are bots that can GitHub for API keys. But this is good for a private repo that you are planning to make public or accidentally add personal keys to.




About the Author

Jim Bennett

Cloud Developer Advocate at Microsoft, Xamarin Certified Developer, blogger, author of Xamarin in Action, speaker, father and lover of beer, whisky and Thai food. Opinions are mine

 

I've been working on a Xamarin app using Azure Cognitive Services to do image recognition, and one of the stumbling blocks I've faced is what to do with my API keys. I want to make the app open source as an example of how to use these services, but don't want to check my API keys into Git to be available to all - after all, bad things can happen.

I hit up twitter, and got a really awesome solution from Bart Lannoeye:

This is exactly what I did, and it works perfectly. I've created a static class called ApiKeys which contains all my keys using "Your Key Here" values:

public static class ApiKeys  
{
  public static string PredictionKey = "<Your API Key>";
  public static Guid ProjectId = Guid.Parse("<Your Project GUID>");
}

I then added this to Git and commited. After my commit I ran:

git update-index --assume-unchanged ./ApiKeys.cs  

Done. I can then change the values to my actual API keys and Git doesn't see the change.

Obviously if I need to add any more keys to this file I'd have to revert this change, remove all keys, add the new one with a "your key" type value, commit, re-run the update-index and put the keys back. A bit of work, but at least no worries about anyone abusing my API limits!

Thanks Bart!


Update - how to tell users what they need to do with this code

I've just had another great suggestion from Brandon Minnick, a fellow CDA here at Microsoft. He suggests adding a #error to the keys file so that when someone grabs the code and builds it they get an error telling them what to do, rather than a crash when the app is run:

public static class ApiKeys  
{
#error You need to set up your API keys.
  // Start by registering for an account at https://customvision.ai
  // Then create a new project.
  // From the settings tab, find:
  // Prediction Key
  // Project Id
  // and update the values below
  public static string PredictionKey = "<Your Prediction Key>";
  public static Guid ProjectId = Guid.Parse("<Your Project GUID>");
}

Update 2 - how to fix it if you forget and add your keys

Another great tip from Brandon Minnick is the BFG Repo-CLeaner. If you accidentally checked in some API keys, this tool can remove them from the Git history.

Obviously it could be too late by the time you realize, so if you check any API keys in to a public repo you MUST regenerate them as there are bots that can GitHub for API keys. But this is good for a private repo that you are planning to make public or accidentally add personal keys to.