Ways to store external API keys?

If I were to work on an integration app where I have to apply for an API key for it, I cannot just check in the key to the GitHub project as that would most likely violate the ToS and probably invalidate the key.

Is there someplace I can store these keys securely? Since Athom publishes the apps directly from GitHub there is no intermediate step, right?

I am fully aware that storing secrets so they can be read (decrypted) on the end user device is not foolproof, but this is not my point, as keeping them out of the hands of rooted Homeys (do they exist?) is (I believe) beyond what’s expected of me.

You can add environmental variables into the app store when you add your app in the app store.

See: Home - Homey Apps SDK v3

When submitting your app, you can enter the variables during the submission process.

There are no rooted Homeys; the bootloader is not reachable by us mere mortals.

They do state it is not 100% safe (only 99.9%), but what is, when talking about the internet?

I saw that but I never figured out where to enter the actual data. I’ll give it another shot then.