androidjsonflutterfirebaseapi-key

How can I use Environment Variables for my flutter/firebase API key, app id, etc. In my google-services.json and firebase.json file


I want to upload my flutter projects to GitHub, without publicizing my API keys, I have already secured my firebase_options.dart file by removing it entirely and creating a ". env" file separately and using the flutter_dotenv dependency and manually input the firebase Options as my app is purely for android. My issue is that afterwards i found out that I might also have to secure the google-services.json & firebase.json files to hide my API key.

I already tried looking up ways to do this exact same thing, but I couldn't find any answers to it. I haven't learned any node.js or javascript or many other languages other than dart, python, java, C++ and C#, as such I would appreciate easy to understand answers preferably in a step-by-step fashion. I know it's rather demanding of me but I'm rather afraid of losing my API Key due to all the horror stories I keep hearing about it.


Solution

  • It's recommended not to upload google-services.json & firebase.json to GitHub, but they're not super secret. You should make sure your security rules are set up correctly though, otherwise attackers could run up your usage bill.

    These keys could be extracted from your app either way and they only identify the attached projects and URLs.

    For more details: