How to deploy secret api keys / tokens in project

Hello,
my current project will be calling a REST server which requires an API key / token to be accessed. This API key should never be deployed in code and should instead be provided by each developer / environment themselves. The simplest way would be to have everyone set a specific environment variable that can be read during SIM run / EMB deploy / test, but I don’t know of a way how to then access this in java source code later.

What is the best way to provide these API keys to the project? Is there a way to put environment variables into the constants.list or are there other functionalities that can be used?

Kind Regards,
John

Hello John,

Well it depends of the context, depending on the need, you could have this configuration as:

  • a Java system property in a .properties.list
  • a Java system property in the Run Configuration (MicroEJ Classpath — MicroEJ Documentation)
  • a file in a file system where the user stores the API key
  • a secure place in the MCU’s flash
  • an input of a GUI

It depends on how secure you want this key to be and where you want it to be.

Hope it helps.
Gaëtan for MicroEJ