How to use Doppler with mobile applications can depend a lot on your specific situation. Ultim...
Locked out after enabling SAML SSO
If you've enabled SAML SSO on your account and the configuration wasn't quite right such that you're locked out, there is actually an easy way to get back into your account! When you enable SAML SSO, we send out an email titled SAML has been enabled that looks like this:
As you can see, it includes a Disable SAML button. The link that button follows is valid for 24 hours from the time you enabled SAML SSO. So, just click that button and it should disable SAML SSO on your workplace so you can log in via the same method you were using prior to enabling it.
How to use Doppler with mobile applications can depend a lot on your specific situation. Ultimately though, it's almost impossible to ensure that hard-coded keys in your binary application won't leak – even if they're stored using encryption, obfuscation, etc. Very motivated attackers will always be able to extract them.
As such, our recommendation for using secrets with mobile applications is to deploy a separate backend application that proxies all your requests that require secrets (e.g., requests to third-party APIs). You can store your secrets in Doppler and use them with your backend without the mobile app needing access to them at all. When your mobile app needs to make an API request it then contacts your backend application which makes the actual request.
Although this does add a little complexity to the application, it will preserve the integrity of your secrets and will also allow you to do things like apply API limits or throttles to specific user accounts before it hits the API you need it to. Another benefit is that you can easily update credentials for all your deployed apps without requiring end users to update the app on their devices.