secret_keeper allows you to store, remove and read the items from the keychain on macOS system.
Branch: master
Clone or download

README.md

secret_keeper plugin

fastlane Plugin Badge

Getting Started

This project is a fastlane plugin. To get started with fastlane-plugin-secret_keeper, add it to your project by running:

fastlane add_plugin secret_keeper

About secret_keeper

You should keep your secret keys, tokens and passwords secure and private. Never store keys in a code repository, in client-side code. One of the recommend way of storing sensitive data is the keychain. secret_keeper allows you to store, remove and read the items from the keychain on macOS system.

Actions

add_item_to_keychain

add_item_to_keychain	# Adds the credentials to the keychain on behalf of the user
add_item_to_keychain(
      item_name: "personal-access-token", # Item name to be stored in the keychain
      account_name: "username", # An account name associated with the keychain item
      password: ENV["PERSONAL_ACCESS_TOKEN"] # Password to be stored in the keychain
    )

It returns password as a plain text.

⚠️ If an item you are trying to add already exists, the lane fails.

remove_item_from_keychain

remove_item_from_keychain	# Removes the credentials from the keychain on behalf of the user
remove_item_from_keychain(
      item_name: "personal-access-token", # Item name to be removed from the keychain
    )

⚠️ If an item you are trying to remove does not exist, the lane fails.

👓 read_item_from_keychain

read_item_from_keychain	# Reads the password from the keychain for a given item
read_item_from_keychain(
      item_name: "personal-access-token", # Item name for a given password stored in the keychain
    )

It returns password as a plain text if the item has been found, nil otherwise.

Example

One of the common usage of a secret_keeper plugin is storing and reading API tokens for a 3rd party services you need to communicate with.

lane :request_3rd_party_API do
    password = read_item_from_keychain(
        item_name: PERSONAL_ACCESS_TOKEN
    )

    if password
        # You can use your password here
    else
        # The password for a given item has not been found in the keychain. Request a user to provide the password. 
        UI.message 'Falstlane will talk to the 3rd party service on your behalf. In order to do so, it needs a personal access token. It will ask about it only once and store it in the keychain. Please provide your token 🙏🏻'

        # Since `password` field is non-optional, Fastlane will ask to provide it via a user input. 
        password = add_item_to_keychain(
            item_name: PERSONAL_ACCESS_TOKEN,
            account_name: ENV["USER"]
        )

        # Now you can read a password successfully. 
    end
end

Issues and Feedback

For any other issues and feedback about this plugin, please submit it to this repository.

Troubleshooting

If you have trouble using plugins, check out the Plugins Troubleshooting guide.

Using fastlane Plugins

For more information about how the fastlane plugin system works, check out the Plugins documentation.

About fastlane

fastlane is the easiest way to automate beta deployments and releases for your iOS and Android apps. To learn more, check out fastlane.tools.