Secrets Overview
RetroDev.Secrets is a security-focused package that protects sensitive data like API keys, tokens, and credentials from being extracted through datamining or decompilation tools.
Get RetroDev.Secrets here
The Problem
Unity games can be easily datamined. Players can extract your game files, import them into Unity, and access any data stored in standard ScriptableObjects - including API keys, authentication tokens, server URLs, and other sensitive credentials. Tools like ILSpy can decompile your code and expose hardcoded secrets instantly.
This creates serious security risks:
- Exposed API keys leading to unauthorized access
- Stolen server credentials
- Compromised authentication systems
- Potential financial losses from API abuse
How Secrets Solves This
Secrets stores your sensitive data in a way that’s protected from standard datamining techniques. Instead of storing values in plain ScriptableObject fields that are trivially accessible, Secrets uses a secure storage mechanism that makes extraction significantly harder.
Key Features
- Editor-based management: Add, edit, and remove secrets through a dedicated editor window
- Runtime API: Simple, clean API to retrieve secrets during gameplay
- Hidden from decompilers: Values are obfuscated from tools like ILSpy
- Type-safe storage: String-based key-value pairs with serialization support
- Zero runtime overhead: No performance impact on your game
When to Use Secrets
Use Secrets for any sensitive data that shouldn’t be publicly accessible:
- API keys for backend services
- Authentication tokens
- Server URLs and endpoints
- Payment gateway credentials
- Analytics tracking IDs
- Third-party service keys
- Any credentials that could be abused if exposed
Note: This is designed for client-side secrets only. For maximum security, sensitive operations should always be handled server-side with proper authentication.
Installation
The Secrets package is included with RetroDev tools. Access the editor through the Unity menu:
RetroDev > Secrets Editor