Reputation: 1680
Storing API keys in a Flutter Firebase app? Do I need to hide them? How?
I am developing an iOS/Android app with Flutter and Firebase (mainly Cloud FireStore and Firebase Auth). According to the Firebase documentation/example, they just put the API key along with the googleAppID straight into the app's source code. This to me seems very insecure, but at the same time I did hear that dart is compiled AOT. So what is the best practice for putting the Firebase API keys in a Flutter app?
Any response is appreciated!
Upvotes: 4
Views: 5661
Answers (1)
Reputation: 17123
That example is usually not followed. The key is stored in the google-services.json file or the equivalent for iOS that should be added to the project following the Firebase setup instructions. This removes the issue with people easily knowing your key. I don't believe it would matter if someone did however as the key is intended to be public.
Upvotes: 1
Related Questions
- Correct way of storing API Keys in flutter following best practises
- Where to store api keys in Flutter web?
- How do you save API keys without exposing them in the first place?
- How to store API keys in Flutter
- Do I need to protect my firebase Server Key? Can I store it in the source code or is there a way to get it programatically?
- What is the best way to store api keys on flutter?
- Securely Saving API Keys In Android (flutter) Apps
- How to hide API Keys in flutter and still be able for your team to use your code base?
- How to securely store API keys in Flutter?
- How to externalize Firebase keys / Google Maps API Keys in a flutter project?