react-native expo api-key create-react-native-app

Expo / React Native and SECRET API KEYS


I am quite new to Expo and React Native (create-react-native-app) and I am facing an issue where, after much research, I am seeing the problem but not the solution.

I developed my app, which is supposed to be frontend only, with no need for a database or authentication, but I still need to use the Google Places API and an email sending provider API (which could be SendGrid, Mailjet...), and I am facing this issue, which I thought I would not be the first one to face:

I read everywhere that you should not store any SECRET KEY in your app and I understand why. But I cannot find a simple solution anywhere for not doing so.

I found the following package :

https://github.com/goatandsheep/react-native-dotenv but I doubt it solves this issue as it also keeps everything in the app.

I found the following readme :

https://github.com/EQuimper/blog/blob/master/content/post/where-do-i-put-secret-key-in-expo-project.md but I really don't think it makes anything secure.

I really hope someone could lead my way to the easiest solution to solve this issue. And if the solution is: have a backend and use this auth service, please be so kind as to develop it a bit more (any tutorial somewhere or additional info?)

It is very frustrating to see I have my app fully ready but I cannot put it online for security reasons.

Thanks a lot in advance.


Solution

  • As you say, the solutions you propose will not serve to protect your secret keys in production.

    The only way is to use the backend.

    You can use JSON Web Tokens to make authorized requests via encryption to receive that data in the front. This way the client will not be able to see any confidential information, and will only be able to use the keys indirectly and always through our channel.
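
The backend approach from the answer above, as an added example that is not part of the original answer: Node.js helpers that verify an HS256 JSON Web Token and only then attach the Google Places key on the server. The function names, environment variable names, token lifetime and 100-character input limit are assumptions made for illustration.

```javascript
// Added example (backend side). Secrets are read from the server's environment only.
const crypto = require('crypto');
const JWT_SECRET = process.env.JWT_SECRET || 'constructed-dev-secret'; // assumption: HS256 key
const PLACES_KEY = process.env.GOOGLE_PLACES_KEY || 'PLACEHOLDER_KEY'; // never in the app bundle

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue a short-lived token (hypothetical helper; call it after whatever check admits a client).
function signJwt(claims, secret, nowSec, ttlSec = 300) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifyJwt(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  try {
    const h = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (!h || h.alg !== 'HS256') return null; // pin the algorithm; rejects "none"
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Decide how the proxy answers an app request; the caller performs the upstream fetch.
function planPlacesRequest(authHeader, input, nowSec) {
  const token = String(authHeader || '').replace(/^Bearer /, '');
  if (!verifyJwt(token, JWT_SECRET, nowSec)) return { status: 401 };
  if (typeof input !== 'string' || input.length === 0 || input.length > 100) return { status: 400 };
  const url = new URL('https://maps.googleapis.com/maps/api/place/autocomplete/json');
  url.searchParams.set('input', input);
  url.searchParams.set('key', PLACES_KEY); // key is attached server-side, after the auth check
  return { status: 200, upstream: url.toString() };
}
```

The `upstream` URL contains the key, so the server fetches it itself and returns only the response body to the app; the same pattern applies to the email provider's key.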