A mobile app that integrates the Fabric mobile platform and the Crashlytics crash reporting framework requires two things to successfully communicate with the Fabric / Crashlytics server platform:
- The Fabric API key: This is required at build time so that the build process can upload the debug symbols that later are required to symbolicate crash reports. The API key is also required at runtime so that the app on a customer device can submit crash reports.
- The Fabric build secret: This is also required for uploading debug symbols at build time.
Whoever knows these two pieces of information can freely interact with the Fabric / Crashlytics server platform on behalf of the app, so obviously you want to restrict knowledge of the information to people who can be trusted. This article shows how to keep API key and build secret private even in an Open Source project like Little Go where, by definition, there is the desire to publish everything.