How to Keep Your API Key Secret in a Swift Tech Test (and Still Use GitHub)

Photo by COPPERTIST WU on Unsplash

So you’ve been given a take-home tech test. We’ve all been there, finger hovering over the enter key to push to GitHub.

Then it occurs to you. You needed to use a API key to call the endpoint and you’ve left that in your code.

You risk not getting the job. You risk being that developer who leaves their key in a public repo.

You’re going to need to handle this properly. You’re going to need to guide your interviewer to be able to add their own API key.

✅ Step-by-step: Hiding your API key in a Swift project

Even if you’ve put the API key in a Constants.swift file, if it’s committed, it’s exposed.

Instead, we’ll inject the key at build time.

1. 🛠 Create a Secrets.xcconfig file

In Xcode:

File → New → File → Configuration Settings File

Name it Secrets.xcconfig and save it in your project (not inside a .git-tracked folder if possible).