Is that right? You can't do anything with it without the team and token ID. I was torn on this. I couldn't find anywhere in Apple's documentation that this was supposed to be "secret" or whatever.
Conversation
Replying to
I was always super cautious about it.
This article says:
"Remember to secure your .p8 key file, as anyone who have it can send push notification to all of your App Store apps! If you suspect the key file might be compromised, please [...] revoke it."
1
1
Replying to
Interesting. That isn't entirely true though, right? Even if someone found the team ID and bundle identifier they would need the key ID.
Hmm...
1
Replying to
Yeah, but I think the cert is the most "secret" part that you need in that trio of keys/ids.
1
I came here to say this too. Private keys are meant to be private. I put my private key into rails credentials. You can feed a StringIO of the key data to Apnotic’s cert_path option.
1
1
In your credentials yaml file you can add:
apns_token_cert: |-
-----BEGIN PRIVATE KEY-----
blah blah
-----END PRIVATE KEY-----
Then tell Noticed `StringIO.new(Rails.application.credentials.apns_token_cert)`
1
3
1
1
Ha! And it’s already merged in and ready to go. Thanks for the heads up Nate. I’ll also submit a PR that this should be the recommended way.
1
2
And done! Thanks for the help both of you!