I would like to store credentials for a server (e.g. nakama), API keys etc and want to avoid using plaintext. How can this be achieved?
The nakama/defold documentation has the nakama credentials stored in a .lua file, but I don’t think this is secure, since this can be easily read when analyzing the .apk for example.
Any ideas?
Thank you 
The Lua file will be compiled to Lua byte code, and then also encrypted. The default encryption of the Defold resource archive will prevent a casual observer from obtaining the source and any credentials, but if you want to tighten security a bit more you add your own encryption module or swap out the default encryption key. You can read more about this here:
Ok, thanks. I will have a look at that document.