How should I handle secret tokens for open source android projects?

Question

I am learning to build an Android app with Parse. As instructed, I need to initialize the Parse SDK with the following method in Application.java:

Parse.initialize(Context context, String applicationId, String clientKey)

And my question is how should I handle the applicationId and clientKey in an Android project so that I will not expose them on GitHub?

For web projects, usually there are something like app.conf.example for you to copy as app.conf, which is listed in .gitignore. When setting up local or production environments, you need to put correct secret tokens in app.conf manually.

I wanna know is there anything like this for Android app development?

Thank you so much!

Answer 1

Short solution :

I think you can just put it like that, e.g :

Parse.initialize(Context context, String applicationId, String clientKey)

on the Application.java.

Commit it as-is, and then use the correct applicationId and clientKey locally.

This is because usually there are no notable changes to the Application.java class, in any case that you need to change something, just remove the correct code, edit the class, push to github, and put the correct code back locally.