The Sekret plugin allows any Kotlin developer to deeply hide secrets in your project. This prevents credentials harvesting to a certain level.
The following obfuscation techniques are used:
- The secret is obfuscated using a reversible XOR operation, so it never appears as plain text
- Obfuscated secret is stored in a native binary as a hexadecimal array, so it's hard to decompile
- This is not the case for javascript modules
- The obfuscated string is not persisted in the binary to force runtime evaluation
This plugin is a more flexible and Kotlin Multiplatform compatible version of klaxit/hidden-secrets-gradle-plugin
This plugin can be used with any Kotlin project (single-, or multiplatform).
This project is available through mavenCentral
.
plugins {
id("dev.datlag.sekret") version "1.0.0"
}
You can call the following after applying the plugin in your build.gradle.kts
sekret {
packageName.set("your.package.name")
encryptionKey.set("yourUniqueEncryption") // default is the specified packageName
// more configuration...
}
The plugin will generate a separate module, since it needs to compile for native targets even if you just use Android or JVM for example.
Therefore, you need to include the generated sekret module in your settings.gradle.kts
.
.gitignore
include(":sample", ":sample:sekret")
Create a sekret.properties
file in the project/module where you applied the plugin and simply add key-value pairs.
YOUR_KEY_NAME=yourSuperSecretSecret
OTHER_SECRET=th1s1s4n0th3rS3cr3t
You can change the name and location by changing the sekret configuration:
sekret {
propertiesFile.set(project.layout.projectDirectory.file("my-secrets.properties"))
}
.gitignore
To generate source code for your provided secrets, just call ./gradlew generateSekret
.
You can change the generated build.gradle.kts
depending on your needs, just make sure to apply the required native targets:
- For Android:
androidNativeX
- For JVM:
linuxX
,mingwX
andmacOsX
, depending on your output platform.
If you misconfigured your build script or added new targets to your base module, you can run ./gradlew sample:generateSekretBuildScript
.
Make sure to configure the compose application correctly, take a look at the sample project.
- If you use Android or JVM target you have to call
./gradlew createAndCopySekretNativeLibrary
. - If you use any JS target you can just use the generated
Sekret
class as is.
val binaryLoded = NativeLoader.loadLibrary("sekret", System.getProperty("compose.application.resources.dir")?.let { File(it) })
if (binaryLoded) {
val yourKeyName = Sekret().yourKeyName("your-encryption-key")
val otherSecret = Sekret().otherSecret("your-encryption-key")
}
Sponsoring to this project means sponsoring to all my projects! So the further text is not to be attributed to this project, but to all my apps and libraries.
Supporting this project helps to keep it up-to-date. You can donate if you want or contribute to the project as well. This shows that the library is used by people, and it's worth to maintain.