Securing Secrets in Flutter
A Step-by-Step Guide to Concealing Secrets
Introduction
You’ve probably heard the mantra, “Never commit this key to your code”. Developers frequently use this phrase to caution against adding sensitive information, such as API keys, secret keys (also referred to as primary keys), or any other classified data, to source code repositories. Often, these keys are synonymous with gaining access to a service.
Let’s take an instance where you are integrating Google Maps into your Flutter application. You would need an API key from Google for this purpose. With this key, Google can determine whether the request originated from your app, and subsequently, whether to process it or not.
But why should you conceal your secret key? Let’s discuss this further.
The Importance of Hiding Secrets
Remember, source code can be incredibly leak-prone, even within private repositories. You may believe that your small team is safe from this issue, but it can occur unexpectedly. Take, for example, an incident in our humble team when a developer opted to publicly display our code base on GitHub. So, before securely housing your secrets in a repository, mull over the following aspects:
- Generally, all engineers…
