Security & Credentials

Shipping means handling credentials — Steam and FTP passwords, Discord and Slack webhook URLs. Build & Ship is built to keep those secrets safe and to keep the tool itself out of your player builds.

How credentials are stored

Every secret field (Steam password, FTP password, webhook URLs) is stored AES-256 encrypted inside the profile asset, using a PBKDF2-derived key with a random per-field identity, via Sparrow.Utilities. The plain text never sits on disk. Decrypted values only ever live in memory, cached to avoid re-running the key derivation on every read.

Secrets never reach the log

Passwords and webhook URLs are excluded from every log line. When Build & Ship runs external tools (butler, steamcmd), their process output is redacted so a secret can never leak through a tool’s own logging, and the argument line that carries a secret is never logged.

Recommendations

  • Steam: prefer cached steamcmd credentials over a stored password — run steamcmd +login <user> once to handle Steam Guard, then leave the password field empty.
  • FTP: enable Use FTPS whenever your server supports it — plain FTP transmits credentials unencrypted.
  • Delete Remote First: only enable it when the remote directory contains nothing but this build. There is no undo.

Nothing ships to your game build

The entire package lives under an Editor/ folder, so Unity strips it from player builds. Profiles are plain assets that are not referenced by any scene, so neither the tool nor your stored credentials can end up in a shipped game.

Was this page helpful?