Providing private, user-specific, to apps

[xtramural]

What’s the best way to provide apps with private, user-specific, information such as API keys, authentication tokens, and the like.

[joerick]

The functionality is available, via settings.json, but it's poorly documented at the moment. you can see the thought-process evolve in tingbot/tingbot-python#20

There's some documentation here on settings: https://tingbot-python.readthedocs.io/en/latest/settings.html

While the above documentation is functional, it doesn't say how settings should be used - we need to have a strong convention of how settings are used, and should document this somewhere.

---

This is how I imagine it works:

Users should distribute a default_settings.json with their app, which includes all the settings that can be set (and defaults where appropriate), and then a settings.json, which would contain settings (e.g. temperature_units) and sensitive information like API keys (e.g. yahoo_api_key). settings.json should be gitignored so those details don't become public when the app is shared.

---

Aside - local_settings.json is used for settings that are set from within the app itself. They should remain specific to the device. Our tooling (tbtool) explictly doesn't copy these when running or uploading to the Tingbot.