A Swift command line tool for managing application keys.
Chimney enables you to store secrets in developer's keychains instead of committing them to source control.
Xcode 10.2
mint install livefront/chimney
git clone https://github.com/livefront/chimney.git
cd chimney
swift run chimney
In your Package.swift:
.package(url: "https://github.com/livefront/chimney.git", from: "0.1.0"),
Add a chimney.yml
file to your project folder with a list of the keys you want to manage:
name: "MyProject"
keys:
- APISecret
- SuperSecret1
Run setup
:
chimney setup
or (if installed via Mint)
mint run chimney setup
The first time, it will ask you to provide values for each key.
❌ Chimney has detected a missing keychain value.
🔑 What is the key for APISecret
>
❌ Chimney has detected a missing keychain value.
🔑 What is the key for SuperSecret1
>
✅ All keys found. Ready to generate.
These values will be stored in your macOS keychain.
Options:
- -s, --spec: An optional path to a
.yml
key spec. Defaults tochimney.yml
Once your keys are setup, running generate
:
chimney generate
🏭 Generating MyProjectKeys.swift...
or (if installed via Mint)
mint run chimney generate
🏭 Generating MyProjectKeys.swift...
will output a Swift file containing those secrets which you can reference in your app.
import Foundation
class MyProjectKeys {
static let APISecret = "shhh"
static let SuperSecret1 = "noneofyourbeeswax"
}
Options:
- -o, --output: The output file. Defaults to [KeySpecName]Keys.swift
- -s, --spec: An optional path to a
.yml
key spec. Defaults tochimney.yml
.
As an alternative to accessing secrets at runtime via the generated file, get
can be used to get a secret for a key. This enables build time scripts to access secrets.
chimney get <key>
or (if installed via Mint)
mint run chimney get <key>
Options:
- -s, --spec: An optional path to a
.yml
key spec. Defaults tochimney.yml
Once the file is generated, go ahead and add it to your project in Xcode, but also make sure to add it to your .gitignore
:
# Ignore generated keys
MyProjectKeys.swift
If you want to ensure that the file is kept up to date automatically, add a Run Script build phase to your app's target:
- Select your app's target from the Xcode project file.
- On the Build Phases tab, press the
+
button. - Select
New Run Script Phase
. - Drag the newly created
Run Script
entry so it is aboveCompile Sources
. - Enter
chimney generate
in the script editor. (Or if using Mint,mint run livefront/chimney chimney generate
.)
- In your
project.yml
, add a path to your generated class in the app's main target with the flagoptional: true
. - Add a script to your
preBuildScripts
section that runschimney generate
. (Or if using Mint,mint run livefront/chimney chimney generate
.)
Example project.yml
:
targets:
MyProject:
sources:
- path: Sources
- path: MyProjectKeys.swift
optional: true
preBuildScripts:
- script: chimney generate
name: Chimney
When running on an environment where you don't have access to the Keychain, such as a CI server, you can also define environment variables which will be used instead to generate the Swift class. The names of the variables must match the names of the keys you have specified in chimney.yml
.
Inspired by: