Class Secrets

java.lang.Object
com.codename1.security.Secrets

public final class Secrets extends Object

Runtime access to the secrets your app needs (API keys such as a Google Maps key) WITHOUT shipping them inside the binary, where they are trivially extractable. A secret is defined once in the Codename One Cloud vault (the Secrets page of the build console), fetched on demand over TLS, and cached in the device keychain via SecureStorage -- so you can rotate the value server-side without reshipping the app.

// off the EDT (the first call may hit the network):
String mapsKey = Secrets.get("googlemaps.key");

Only secrets the developer published to the app-readable namespace are served to a device; server-only credentials (such as the App Store / Google Play keys used by commerce validation) are never reachable from the client. On the simulator or a local (non-cloud) build there is no build key, so get(String) returns the cached value if any and otherwise null.

  • Method Details

    • get

      public static String get(String name)
      The secret named name -- from the keychain cache when present, otherwise fetched from the cloud vault and cached. Returns null when it is unavailable (undefined, not app-readable, or offline with no cached copy). The first fetch blocks on the network, so call this off the EDT.
    • get

      public static String get(String name, String defaultValue)
      As get(String) but returns defaultValue when the secret is absent.
    • refresh

      public static String refresh(String name)
      Force a fresh fetch from the cloud vault, replacing the keychain cache. Returns the new value, or null when unavailable.
    • clear

      public static void clear(String name)
      Drop the cached copy of name from the keychain; the next get(String) re-fetches it.