How/where can credentials be saved securely

I would like to store credentials for a server (e.g. nakama), API keys etc and want to avoid using plaintext. How can this be achieved?

The nakama/defold documentation has the nakama credentials stored in a .lua file, but I don’t think this is secure, since this can be easily read when analyzing the .apk for example.

Any ideas?
Thank you :smiley:

The Lua file will be compiled to Lua byte code, and then also encrypted. The default encryption of the Defold resource archive will prevent a casual observer from obtaining the source and any credentials, but if you want to tighten security a bit more you add your own encryption module or swap out the default encryption key. You can read more about this here:


Ok, thanks. I will have a look at that document.