react-native-keychain VS starter-workflows

Storing the secret key: Since our db requires a key, it is important to store that key somewhere secure, so we will use react-native-keychain which will store our key securely.

If you're saving simple, KV-like data, have a look at react-native-keychain. On the other side, if you want to save complex "relational" data, have a look at Realm.

by the way, if you want to access the native device keychain, react-native-keychain is the right tool.

What you’re looking for is something like Keychain on iOS: similar to what AsyncStorage is, but secure. Maybe https://github.com/oblador/react-native-keychain could be it for you?

If our application utilizes refresh tokens, we can smartly combine the two previous options together. Upon signup or login, we can store a new refresh token securely on the device using the react-native-keychain library mentioned in the mobile app implementation. Once our session expires, we prompt the user to retrieve the refresh token stored behind biometrics authentication. If the user passes the challenge, we use the refresh token to call the backend and refresh the session/get a new access token.

In the app I'm building, we use react-native-keychain. At its core it's meant to use with authentication, which we DO to store oauth tokens, but I also use it as a "re-entry" into the app after it's been put in background or inactive mode. It's the easiest implementation of biometric auth I've found for RN, and it has the ability to fallback to passcode should they fail biometric. Let me know if you have any questions, happy to help!

I would suggest using: react-native-keychain

So the only place your Peloton Credentials are handled is within the app itself. The app itself is built on React Native, and makes use of React Native Keychain which uses the underlying iOS Keychain/Android Secure Preferences (https://github.com/oblador/react-native-keychain#usage & https://blog.bitsrc.io/using-keychain-in-react-native-and-keeping-the-app-session-alive-ff8f8850119c if you're interested). The initial auth and all further requests are directly to the Peloton API from your device.

AsyncStorage is just an unencrypted text file. Rooted android devices can access and change it easily. For storing sensitive data, you should use react native keychain or expo secure store

GitHub, as one of the leading web-based Git repository hosting service, provides a powerful suite of CI/CD tools in the form of GitHub Actions. These are directly integrated into the platform which empowers developers to increase the speed, efficiency and reliability of delivering products. In this brief article, we will take a look at what CI/CD is, why we should use it, as well as some of its applications in my projects.

GitHub Actions is a modern CI/CD tool integrated natively on GitHub. Itenables the rapid automation of build, test, deployment, and other custom workflows on GitHub with no need for external tools.

GitHub Actions is GitHub's CI/CD solution. You can use it to run automated tasks each time you change your code. Although the platform lacks a built-in Kubernetes integration, third-party plugins such as Azure's Deploy to Kubernetes Cluster action can automate deployments and manage different rollout strategies.

GitHub Actions is a feature-rich CI/CD platform embedded within GitHub, enabling developers to automate, customize, and execute software development workflows directly in their repositories. An Action inside GitHub Actions is a discrete unit of automation that performs a specific task within a workflow. All the Actions are reusable, and there are many to choose from. You can even create your own reusable ones.

actions/starter-workflows

The real power of using PHP code-quality tools is when it’s added to your continuous integration process, which means it automatically checks the code every time someone makes a push or pull request to your project repo. In this section, we'll be looking at how to do just that. GitHub actions is available for free so we'll use it for demo purposes. Note that there are some limits to private repos, so set your test repo to public if you can.

You can even automate the running of this script — hence the directory name automation — to happen every time the data changes, using GitHub Actions.

# Based on https://github.com/actions/starter-workflows/blob/main/ci/node.js.yml name: CI on: pull_request: branches: - main jobs: ci: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v2 with: node-version: lts/* cache: 'npm' - run: npm ci - run: npm run build --if-present - run: npm test

You might remember that I’ve been taking an interest in GitHub Actions for the last year or so (I even wrote a book on the subject). And at the Perl Conference in Toronto last summer I gave a talk called “GitHub Actions for Perl Development” (here are the slides and the video).