Travis Lange avatar image
Travis Lange asked

How to revoke Developer Secret Key set in PlayFabSharedSettings.asset?

If I were to need to revoke the Developer Secret Key set in PlayFabSharedSettings.asset by the UnitySDK, how would I go about doing that? I don't see it in the Secret Keys section of the Web Portal / Game Manager for the title.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Jordan avatar image
Jordan answered

Can I ask why you are wanting to revoke the key? If you have security concerns, you may note Marco's response in this thread regarding the safety of the secret key in Unity builds:

"You'll notice that DeveloperSecretKey is not even available at compile time if these pre-processor directives ENABLE_PLAYFABSERVER_API || ENABLE_PLAYFABADMIN_API || UNITY_EDITOR

This means that the .asset file will not contain any information for developer secret key when compiled as a GameClient. The property is not hidden, it simply does not exist if Server or Admin are not enabled.

So you shouldn't worry, you are not exposing the developer secret with client builds."

To reiterate, be sure to disable the Admin and Server API settings in the PlayFab Editor Extensions window in Unity for your final client build, as discussed in this thread.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Travis Lange avatar image Travis Lange commented ·

Ya we are aware of that thread. We had recently seen an incident where a dev accidentally published their key to an open-source repo for an asset they were developing. It got us to thinking about all the things that can go wrong (accidentally publishing the key to an open-source repo, accidentally having the server api checked in a client build, accidentally showing the key during a live stream of game development, etc.). Point is there is a lot that can go wrong and mistakes do happen. We just wanted to know how to swiftly revoke our key if Murphy's Law ever decided it wanted to give us a hard time.

0 Likes 0 ·
Sarah Zhang avatar image Sarah Zhang Travis Lange commented ·

You can navigate to[YourTitleId]/settings/secret-keys, check the box of the corresponding secret key, then click the delete button.

0 Likes 0 ·
Brandon Phillips avatar image Brandon Phillips Sarah Zhang commented ·

@Sarah Zhang @TCROC Unfortunately, the key generated in the Unity SDK (specifically, the key available in the Editor Extension) is not populated in Title Settings. From what I can find, as far back as 2017, it was in the works to update the Web UI to include the key generated by EdEx, but that doesn't seem to be the case today. It looks like the only way to ensure the key you're using can be revoked is to manually generate the key and assign it in your code.

0 Likes 0 ·
Show more comments
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.