Reputation: 23
As we write passwords in the key.properties file for signing a Flutter APK, isn't that dangerous? How can we make it secure against debugging and reverse engineering?
storePassword=
keyPassword=
keyAlias=
storeFile=
Upvotes: 1
Views: 2130
Reputation: 1935
To keep the file private, add it to the .gitignore file:
**/android/key.properties
Upvotes: 1
Reputation: 2007
This is already a secure mechanism that is followed by Android. Full article: Article to refer
In Brief:
Creating a keystore file is quite similar to storing configs in environment variables. By default, if you generate or sign an app using Android Studio, it stores the credentials directly in the Gradle file. Instead of this, when we are working in teams, we store these in a different file which is not included when we build and which can also be excluded from source control using .gitignore.
So we use these keystore variables while signing the app instead of hard-coded strings.
Another reason is that the .jks file, which is indeed really important, exists only on your PC, and without it you cannot compile the app.
There are practices that you can follow to ensure security, like using ProGuard and code obfuscation. Flutter is still in a growing stage, so they would likely ensure the use of the NDK, with which one can write the files natively into .so files, which are much less likely to be decompiled than APKs.
Upvotes: 1
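As an added example (not code from either answer), this is how the values from key.properties reach the signing config in android/app/build.gradle, with the hard-coded form the second answer warns against shown beside the corrected one. The `rootProject.file('key.properties')` location, the `release` config name and the placeholder password are assumptions.

```groovy
// android/app/build.gradle fragment (Groovy DSL); merge into the existing android { } block.

// Weak: credentials hard-coded in the build script, so they are committed
// with the source and travel with every clone of the repository.
// android {
//     signingConfigs {
//         release {
//             storePassword "PLACEHOLDER_STORE_PASSWORD"   // constructed placeholder
//             keyPassword   "PLACEHOLDER_KEY_PASSWORD"
//             keyAlias      "upload"
//             storeFile     file("upload-keystore.jks")
//         }
//     }
// }

// Corrected: read the four keys from android/key.properties, a file that is
// listed in .gitignore and exists only on the machine that builds the release.
def keystoreProperties = new Properties()
def keystorePropertiesFile = rootProject.file('key.properties')   // assumed path
if (keystorePropertiesFile.exists()) {
    keystorePropertiesFile.withInputStream { stream -> keystoreProperties.load(stream) }
    // Fail the build on a half-filled file instead of silently producing a
    // release that is unsigned or signed with the wrong key.
    ['storeFile', 'storePassword', 'keyAlias', 'keyPassword'].each { key ->
        if (!keystoreProperties[key]) {
            throw new GradleException("key.properties is missing '${key}'")
        }
    }
} else {
    logger.warn("key.properties not found; the release signing config will be incomplete")
}

android {
    signingConfigs {
        release {
            keyAlias      keystoreProperties['keyAlias']
            keyPassword   keystoreProperties['keyPassword']
            storeFile     keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
            storePassword keystoreProperties['storePassword']
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
            // Shrinking and obfuscation, as the answer suggests; this hides code
            // structure but does not protect secrets that are compiled in.
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
}
```

The passwords are only read at build time on the signing machine; they never end up inside the APK, which is why keeping key.properties and the .jks out of source control is what matters here.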