How to deploy secret api keys / tokens in project

MicroEJ SDK
1

Hello,
my current project will be calling a REST server which requires an API key / token to be accessed. This API key should never be deployed in code and should instead be provided by each developer / environment themselves. The simplest way would be to have everyone set a specific environment variable that can be read during SIM run / EMB deploy / test, but I don’t know of a way how to then access this in java source code later.

What is the best way to provide these API keys to the project? Is there a way to put environment variables into the constants.list or are there other functionalities that can be used?

Kind Regards,
John

2

Hello John,

Well it depends of the context, depending on the need, you could have this configuration as:

  • a Java system property in a .properties.list
  • a Java system property in the Run Configuration (MicroEJ Classpath — MicroEJ Documentation)
  • a file in a file system where the user stores the API key
  • a secure place in the MCU’s flash
  • an input of a GUI

It depends on how secure you want this key to be and where you want it to be.

Hope it helps.
Gaëtan for MicroEJ