android-studio-plugin icon indicating copy to clipboard operation
android-studio-plugin copied to clipboard
verified publisher icon crowdin

Allow putting api-token in the external file outside VCS directory

Open alecpetrosky opened this issue 4 years ago • 3 comments

Is your feature request related to a problem? Please describe. As a security measure, especially for opensource projects, it would be great to have an option of placing Crowdin api-key outside of version control.

Describe the solution you'd like

  • Crowdin CLI client already reads .crowdin.yml with the highest priority.
  • Add option to set file name with api-key (~ as gradle does for signing key passwords).

Describe alternatives you've considered Currently, if someone wants to use this plugin, the only solution is adding crowdin.properties to .gitignore. Or using CLI client instead of AS Plugin.

alecpetrosky avatar Jun 30 '21 04:06 alecpetrosky

Oh, I see that there's an option of using env variables api-token-env. It solves the problem. Not as good as external file but much better than putting Crowdin api-key under version control.

alecpetrosky avatar Jun 30 '21 04:06 alecpetrosky

Hello Alec, Glad to hear you found a solution and that the material collected here regarding android-studio-plugin is useful for you😊

Rommka4 avatar Jun 30 '21 04:06 Rommka4

Hi @alecpetrosky!

you could load the credentials from environment variables:

project-id-env=CROWDIN_PROJECT_ID
api-token-env=CROWDIN_TOKEN
base-url-env=CROWDIN_BASE_URL

So, using this approach, the crowdin.properties file could be committed to the repository without compromising the credentials.

andrii-bodnar avatar Aug 09 '21 07:08 andrii-bodnar