README.md in cocoapods-keys-0.9.5 vs README.md in cocoapods-keys-1.0.0

- old
+ new

@@ -12,11 +12,11 @@ ## How it works Key names are stored in `~/cocoapods/keys/` and key values in the OS X keychain. When you run `pod install` or `pod update`, an Objective-C class is created with scrambled versions of the keys, making it difficult to just [dump](https://github.com/stefanesser/dumpdecrypted) the contents of the decrypted binary and extract the keys. At runtime, the keys are unscrambled for use in your app. -The generated Objective-C classes are stored in the `Pods/Keys` directory, so if you're checking in your [Pods folder](http://guides.cocoapods.org/using/using-cocoapods.html#should-i-ignore-the-pods-directory-in-source-control), just add `Pods/Keys` to your `.gitignore` file. +The generated Objective-C classes are stored in the `Pods/Keys` directory, so if you're checking in your [Pods folder](http://guides.cocoapods.org/using/using-cocoapods.html#should-i-ignore-the-pods-directory-in-source-control), just add `Pods/Keys` to your `.gitignore` file. CocoaPods-Keys supports integration in Swift or Objective-C projects. ## Usage You can save keys on a per-project basis by running the command: @@ -43,16 +43,16 @@ GIFs - /Users/orta/dev/mac/GIFs └ redditAPIToken & mixpanelAPIToken ``` -After the next `pod install` or `pod update` keys will add a new Objective-C class to your Pods xcworkspace. This provides an API to your keys from Cocoa code. For example the application code above would look like: +After the next `pod install` or `pod update` keys will add a new `Keys` framework to your Pods project. This provides an API to your keys from Cocoa code. For example the application code above would look like: ``` objc #import "ORAppDelegate.h" -#import <CocoaPods-Keys/MyApplicationKeys.h> +#import <Keys/MyApplicationKeys.h> #import <ARAnalytics/ARAnalytics.h> @implementation ORAppDelegate - (void)applicationDidFinishLaunching:(NSNotification *)aNotification @@ -64,9 +64,41 @@ } @end ``` + +## Usage via CocoaPods 0.36 + +Using the new Plugin API in CocoaPods we can automate a lot of the fiddly bits away. You define what keys you want inside your [Podfile](https://github.com/artsy/eidolon/blob/0a9f5947914eb637fd4abf364fa3532b56da3c52/Podfile#L6-L21) and Keys will detect what keys are not yet set. If you need to specify a different project name from the target name, use the key `:target` to specify it. + +``` +plugin 'cocoapods-keys', { + :project => "Eidolon", + :keys => [ + "ArtsyAPIClientSecret", + "ArtsyAPIClientKey", + "HockeyProductionSecret", + "HockeyBetaSecret", + "MixpanelProductionAPIClientKey", + ... + ]} +``` + +Then running `pod install` will prompt for the keys not yet set and you can ensure everyone has the same setup. + +#### Other commands + +CocoaPods-keys has 3 other commands: + + * `pod keys get [key] [optional project]` + Which will output the value of the key to STDOUT, useful for scripting. + + * `pod keys rm [key] [optional project]` + Will remove a key from a project. + + * `pod keys generate [optional project]` + Will generate the obfuscated Objective-C keys class (mainly used internally). #### Security Key security is difficult. Right now even the biggest apps get their keys [leaked](https://threatpost.com/twitter-oauth-api-keys-leaked-030713/77597). This is neatly summed up by John Adams of the Twitter Security Team on [Quora](http://www.quora.com/Twitter-1/How-were-the-Twitter-iPhone-and-Android-OAuth-keys-leaked).