Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to securely store secret keys on react-native client side?

Tags:

react-native

Let's say i'm building a react-native app with firebase, which assumes having secret key in app. Is it possible for someone to steal the key? If so, then how do i protect it?

like image 232
stkvtflw Avatar asked Nov 16 '16 16:11

stkvtflw

People also ask

How do I store API keys securely React Native?

If you must have an API key or a secret to access some resource from your app, the most secure way to handle this would be to build an orchestration layer between your app and the resource.

Where do you keep the secret key in React?

To store the API keys, create a new file called . env in the root directory of the React application. You can now access the API key in any file in the React app using process.

How do I hide API key in React Native?

We'll hide our sensitive information by storing it in the . env or dotenv file. It's a text config file that helps us control the constants across our projects. You can create one in your by simply creating a new file and calling it.

How do I encrypt in React Native?

Overview. You can encrypt the realm database file on disk with AES-256 + SHA-2 by supplying a 64-byte encryption key when opening a realm. Realm transparently encrypts and decrypts data with standard AES-256 encryption using the first 256 bits of the given 512-bit encryption key.

1 Answers

There's no 100% secure way to store anything secret on the device because you have no control over access to the source. The only way to guarantee security of your keys is to never have them on the device in the first place.

Any solution you find will have a flaw, illustrated quite nicely by this article by Michael Ramirez

You need to strike a balance of how secure you really need those keys to be.

For example on Android we store some of our keys we care less about for Google and other APIs in a res/values/secrets.xml string file, which is not committed to version control. It's easy for someone to strings out_app.api, but we've already decided to care less about securing those keys.

<resources>
    <string name="google_api_key">OurApiKey</string>
</resources>

If you're working with ReactNative on Android & depending on the types of key you want to store, you could make use of the Android Keystore System using the Keystore API however I don't think this will work for storing Firebase keys.

like image 122
Rob Avatar answered Oct 10 '22 03:10

Rob
Sign in to Comment

Related questions

Drag, drop, and swap items animation?
Synthetic scene stack (history) with React Native Router Flux
Is it already possible to use top-level await in react-native?
React Native - Pagination of ListViews in ScrollView?
How do I listen to physical buttons with react native? [closed]
React native deploying on iOS device stuck on Running 1 of 1 custom shell script
Flow types for react-native's Animated library
React Native 0.57.x <Image/> large images low quality
React native ScrollView disable one direction on condition
React Native FlatList nested inside FlatList with same orientation
Process 'command 'node'' finished with non-zero exit value 1
how to debug when react native app doesnt start on ios device
RNFirebase core module was not found natively on android
How to wait for Redux Persist to rehydrate before ending test
react native Fetch Network request failed on android
Force React Native Web View to Ignore cached version of webview
Where to put API calls in React/Redux architecture?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!