Environment variable obfuscation for Swift and Kotlin

mgratzer/obfuskit

Latest commit

800d749 · Apr 22, 2024

ObfusKit

ObfusKit is a Ruby script that generates obfuscated secrets for Swift and Kotlin.

Installation and usage

Install the latest version of the gem using:

gem install obfuskit

Call obfuskit -h for help.

Usage: obfuskit [options]

Specific options:
    -l, --language [LANGUAGE]        Output language (swift, kotlin). Kotlin requires a package parameter.
    -k SECRET_1,SECRET_2,SECRET_3,   List of environment variable keys
        --keys
    -p, --package [PACKAGE]          Package name for Kotlin
    -t, --type [TYPE]                Output type name. Defaults to `ObfusKit`
    -e, --env [PATH]                 Path to an alternative .env file

Common options:
    -h, --help                       Show this message
    -v, --version                    Show version

Swift

To generate Swift code, run the following command:

obfuskit -l swift -k SECRET_1,SECRET_2 > generated.swift

It will create the file generated.swift containing an obfuscated version of the environment variables SECRET_1 and SECRET_2. This file should be excluded from the git repository and generated at build time. The obfuscation salt is regenerated for each run.

import Foundation

enum ObfusKit {
	static let SECRET_1: String = _o.r([30, 113, 37, 119, 32, 37, 36])
	static let SECRET_2: String = _o.r([24, 117, 35, 119, 38, 33, 34])

	private class _3f3eccd2e5ea46b39738e5502bda6bef { }
	private static let _o = O(String(describing: _3f3eccd2e5ea46b39738e5502bda6bef.self))
}
// ...

Kotlin

The same concept applies to the Kotlin language using:

obfuskit -l kotlin -p com.myapp.configuration.environment -k SECRET_1,SECRET_2 > generated.kt

It will create the Kotlin version generated.kt.

package com.myapp.configuration.environment

object ObfusKit {
        private val _o = O(_6572131328ef462d9d4a05cf4b2a2516::class.java.simpleName)
        private class _6572131328ef462d9d4a05cf4b2a2516

        val SECRET_1: String = _o.r(byteArrayOf(30, 116, 118, 115, 119, 119, 116))
        val SECRET_2: String = _o.r(byteArrayOf(24, 112, 112, 115, 113, 115, 114))
}
// ...

Android Code shrinking and Obfuscation

ProGuard/R8 renames classes and methods. The generated code builds its salt from the name of a private class (see the _o initializer in the sample above), so renaming that class breaks revealing the secrets at run time. To prevent this, add the corresponding keep rules to your proguard-rules.pro file, or use the --keep-annotation parameter to inject a custom annotation such as @androidx.annotation.Keep into the generated code.

For example:

obfuskit -l kotlin -p com.myapp.configuration.environment -k SECRET_1,SECRET_2 --keep-annotation @androidx.annotation.Keep > generated.kt
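
The Swift and Kotlin samples above are consistent with a repeating-key XOR of each secret against the salt class name, which is also why a renamed class can no longer reveal the value. The following Ruby sketch is an added example, not obfuskit's own code: the XOR scheme is an assumption inferred from the sample arrays on this page, and the function names are hypothetical. It also shows that the salt ships next to the bytes it protects, so the scheme hides secrets from plain string scans of the binary rather than from someone reading the generated code.

```ruby
require "securerandom"

# ASSUMPTION (inferred from the sample output, not taken from obfuskit's source):
# each secret byte is XORed with the salt byte at the same position, and the
# salt repeats when the secret is longer than the salt.
def xor_with_salt(bytes, salt)
  key = salt.bytes
  bytes.each_with_index.map { |b, i| b ^ key[i % key.length] }
end

# Build-time side: secret string -> integer array emitted into generated code.
def obfuscate(secret, salt)
  xor_with_salt(secret.bytes, salt)
end

# Run-time side: what the generated _o.r(...) call has to compute.
def reveal(obfuscated, salt)
  xor_with_salt(obfuscated, salt).pack("C*").force_encoding("UTF-8")
end

# A new salt per run, shaped like the class names in the samples
# (underscore followed by 32 hex characters).
def fresh_salt
  "_" + SecureRandom.hex(16)
end

# Salt and byte arrays copied from the Swift sample on this page.
SWIFT_SALT     = "_3f3eccd2e5ea46b39738e5502bda6bef"
SWIFT_SECRET_1 = [30, 113, 37, 119, 32, 37, 36]
SWIFT_SECRET_2 = [24, 117, 35, 119, 38, 33, 34]

if __FILE__ == $PROGRAM_NAME
  # The sample arrays decode with the class name that sits beside them.
  puts reveal(SWIFT_SECRET_1, SWIFT_SALT)
  puts reveal(SWIFT_SECRET_2, SWIFT_SALT)

  # A class renamed by a shrinker yields a different salt and garbage output.
  # "_renamed" is a constructed stand-in for a shrinker-assigned name.
  puts reveal(SWIFT_SECRET_1, "_renamed").inspect

  # Round trip with a fresh salt, as a build-time sanity check would do it.
  salt = fresh_salt
  puts reveal(obfuscate("constructed-sample-value", salt), salt)
end
```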

Use a custom .env file location

Use the -e option to define the path to a different .env file, e.g., if you want to reuse the fastlane/.env file.

obfuskit -l swift -k SECRET_3,SECRET_4 -e fastlane/.env > generated.swift

Features

  • Generate Swift
  • Generate Kotlin
  • Read Secrets from the Environment
  • Add dynamic salt for obfuscation
  • Support for .env files
  • Use template engine for code generation
  • Read secrets from 1Password CLI
