Reputation: 2890
How to not store API key in visual studio/c# code in an open source project
I am using Microsoft's App Center with a .NET Core 3 WPF app. I do not want to store my app center key in the source code directly, as my software is open source. I'm using Visual Studio, and I've googled around on ways to not store my API key in the source code directly. I know you should not store them there, but when it comes to build time, I need to have the API key accessible as a string to the code so it can pass it off to a method call.
I am not extremely worried about someone running my app through a disassembler, but I would like to thwart the casual people who might want to poke around more than they should. In Visual Studio/c#, I can't seem to find any way to do something like this. Like a #ReadFromFile(filepath) directive or something that could read the contents of a file and substitute it into the document at compile time.
Does anyone know of a way to do something like this? I have seen many answers about "how you should just never do it", but I don't really have the resources to do what a lot of them do. I just have a fairly simple application that's open source and uses an API key.
Upvotes: 2
Views: 1552
Answers (1)
Reputation: 397
I think there are 3 possible solutions:
Put the key in a file that your application will read at startup and exclude this file from version control.
a) Put your key in the Environment Variables. This is the way you would do it for a cloud application. (but because you need it for a desktop application every program on your PC can read them)
b) If you are working only on windows put it in the windows registry. (other programs can reed this too)
Call your Program with the key as a parameter. You can create a batch/powershell (on windows) or bash (on linux) script or create a desktop shortcut so that you don't have to start you application over the terminal all the time.
(Additionaly you could also encrypt the key and ask the user for a password on startup. So even if other applications can read your key they have only the encrypted data.)
Upvotes: 4
Related Questions
- How to safely store API credentials in a C# file shared on GitHub?
- How to hide developer key
- How to generate and manage API Keys in ASP .NET Core
- How can I hide my API keys for a Visual Studio Code Extension?
- C# how to define global constants like api keys and prevent from being uploaded to Github
- VSCode - How to manage User Secrets in .Net Core 2.0+ API
- Proper way to hide API keys in Git
- How to secure an API written in .Net
- How to protect an API key in a .NET application
- Best practive to keeping API keys from being commited?