chimney

An open source Swift command line tool for managing application secrets.

Why we built it.

Most iOS apps need to access secrets, such as API keys, to set up third-party SDKs or communicate with backend APIs. The simplest approach is to include secrets in the source code or in the Info.plist file but that also exposes those values to anyone with read access to the source repository. It's best security practice to keep secrets out of source control.

How it works.

Chimney stores secrets securely in the developer's keychain, not in the application source. Once installed, it can inject secrets as part of a standard Xcode build process and it doesn't require a third-party dependency manager. It also works with continuous integration so you can keep your production secrets safe and completely out of developer's hands.

How to use it.

Chimney is powered by a simple configuration file added to your project. Run chimney setup locally, follow the interactive prompts, and then run chimney generate. A source file is then generated which can be ignored by source control and contains the secrets for use anywhere in your app.

Check out the project on GitHub for more details.

Built by Livefront.

Livefront is a digital product consultancy. We're trusted by some of the world's most admired companies to drive strategy, design, and engineering for their core digital experiences. They partner with us to move faster, think bigger, and design products people love.

Learn more