
How to securely store API keys in Flutter?

I'm using the googleapi's Flutter package and to use the Google Drive API, I need to put in credentials. My question is, how can I securely store them in my app so when I publish my app, they can't be taken. I found a cool package, flutter_secure_storage, but to use it, I need to put all of my values into the secure storage. So how can I do that? I was thinking of using something like this, but I'm not sure. It would be great if someone could put me in the right direction as to how to do this by the book, so to speak.

To further explain, I don't want to have my sensitive information in a file such as main.dart as a variable to put into storage (if it isn't there already).

Benjamin asked Sep 29 '19 00:09



2 Answers

You can do this by using the flutter_dotenv package.
Create a .env file in the root of your project:

GOOGLE_API = API_KEY

Add the .env file to your assets bundle in pubspec.yaml

assets:
  - .env

Add the .env file as an entry in your .gitignore if it isn't already

.env*

Access variables from .env throughout the application

DotEnv().env['GOOGLE_API'];

Read more on how to install and use the package here: flutter_dotenv

mjhansen3 answered Oct 17 '22 17:10
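
A release check for the setup described in the answer above, as an added example that is not part of the original answer: anything listed under `assets:` is packaged into the app, and on Android it lands under `assets/flutter_assets/` inside the APK, where it can be read by unzipping the file. The script runs against a constructed in-memory archive (`find_bundled_env` and `build_sample_apk` are names made up for this example) and reports which variables a bundled `.env` would ship, without printing their values.

```python
import io
import re
import zipfile

# Where Flutter places bundled assets inside an Android APK.
ASSET_PREFIX = "assets/flutter_assets/"
# KEY=VALUE lines as used in .env files (spaces around '=' tolerated).
ENV_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(\S.*)$")


def find_bundled_env(apk_bytes):
    """Return {asset_path: [variable names]} for every .env-style asset."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.startswith(ASSET_PREFIX):
                continue
            base = name.rsplit("/", 1)[-1]
            if not base.startswith(".env"):  # also catches .env.prod etc.
                continue
            text = apk.read(name).decode("utf-8", errors="replace")
            keys = []
            for line in text.splitlines():
                if line.lstrip().startswith("#"):  # skip comments
                    continue
                match = ENV_LINE.match(line)
                if match:
                    keys.append(match.group(1))  # name only, never the value
            findings[name] = keys
    return findings


def build_sample_apk():
    """Constructed stand-in for a release APK (not a real build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
        z.writestr(ASSET_PREFIX + "AssetManifest.json", "{}")
        z.writestr(ASSET_PREFIX + ".env",
                   "# constructed sample\nGOOGLE_API = API_KEY\n")
    return buf.getvalue()


if __name__ == "__main__":
    for path, names in find_bundled_env(build_sample_apk()).items():
        print(f"{path}: ships variables {names}")
```

Run against a real build by passing the bytes of the release APK to `find_bundled_env`; a non-empty result means those values are distributed with the app.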


I advise you to create a database to store your keys. You can set up a small backend connected to your base that you contact, so you can implement all the security you want. This is the safest way.

N. Henoc HOUNSA answered Oct 17 '22 18:10