Hiding Secret Keys in Your Flutter App: Comprehensive Guide and Best Practices

Captions
While building a large-scale application, we need to deal with several secret keys, and hardcoding our secret keys is really not a good choice. If someone has our secret keys, then it can lead to several security vulnerabilities. In this video we are going to learn how we can fix this problem, and we are also going to learn all the security measures that we can apply to hide our secret keys inside our app. So let's start.

For our example, we are going to be using this recipe searching app. What we need to do: we need to use the search box and we need to search for the item that we want. In this case, let us search for pizza, and it will list all the items that contain pizza, and we can search any of the recipes for the items that we want. When we click on the item, it will show all the ingredients, and all these things are coming from a RESTful API.

Now let us have a look in our app. If you check the API fetching logic, you will find that we are fetching the API from this URL; we are also specifying the search query, and then we are mentioning our API key. So this is our API key, but now we are hardcoding our API key directly inside our application. This is not a secure way to do it, cuz if somebody is reading our code files then they can easily get our API keys and they can also use our API key. So for security purposes this is not okay. So let's do some changes so that we can hide our secret keys.

For this we will be needing the flutter_dotenv package, so simply add the flutter_dotenv package inside our dependencies. We can also use the flutter pub add command to add the dependency. Now our flutter_dotenv package has been installed; let us use it inside our app.

Inside our folder structure we need to create a new file; name it as .env. And now here we need to add our key values. First key, let us make it as API key. First let us copy the API key, and here we will be creating a variable named API key and we will paste our API key here. If you want, we can also copy the endpoint in our environment variables, so let us just copy the endpoint, and here we'll create a new key, it will be our endpoint, and here we'll paste the URL of the endpoint.

Now we need to go inside our main.dart file. Here let us make our main file async, and here we will call await dotenv.load. Here we need to specify the name of our file, and our file name was .env. It means that we are loading the .env file when we are calling the main function. Now we can access the env variables by simply calling dotenv.env.

Now what we can do here: here we can create an initState, and inside initState we can print our environment variable. We need to use dotenv.env, and here we need to specify the key; let us give the key as endpoint. When we visit our homepage it will print the endpoint. Now you can see that it is printing the endpoint correctly, as we have mentioned in our endpoint. So this is the way we use env variables and access environment variables inside our app.

So let us do the modifications inside our API fetching logic. Let us delete the endpoint from here, because we'll be accessing it from the env variable. So for that let us use dotenv; make sure that you are importing the package flutter_dotenv, and now we need to add env and the key; our key was endpoint. Now we need to also do the same thing for our API key; the only difference will be that the key was API key. Now we are all good to go; let us run and test our app.

Now let us try something different: let us search for mango. Now here it is showing all the recipes that are made using mango, so it means that it is working and it is fetching the value from our environment variable instead of the value that we have hardcoded. Now we need to also perform the same thing for our ingredient fetching logic. Just simply copy and paste it here. We need to specify our endpoint; just copy the endpoint and paste it, and also do the same thing for the API key; just remove it and paste it. Now let's restart our app. Now let's try to test the ingredients. Now it is working fine. So this is the way we use environment variables.

But one thing is still left that we need to do here. What we need to do here: we need to be adding .env inside our .gitignore, cuz if we push this repository inside GitHub or anywhere, we don't want to include the .env file. Just add a line, .env; it means that we are ignoring the .env file. We can also add a multiplication sign; it means that it will ignore all the .env files. And now just save it. This is a very important step. If you don't do this, then it will also push the environment variables, and then it will have no meaning to do that.

So that's all for this video. I hope that now you will be able to handle your API keys and secret keys easily and securely. So that's all, thank you.
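A repository check for the `.gitignore` step described in the captions above, as an added example that is not from the video: it reports whether the `.env` file is covered by an ignore rule, whether it is already tracked (an ignore rule does not untrack a committed file), and whether `pubspec.yaml` lists it as an asset, which is where flutter_dotenv loads it from and which packages it into the built app. The function names, the simplified file-name pattern matching and the sample inputs are assumptions made for illustration.

```python
import fnmatch

def is_ignored(path, gitignore_text):
    """Simplified .gitignore match: last matching rule wins, '!' re-includes."""
    name = path.rsplit("/", 1)[-1]
    ignored = False
    for raw in gitignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        negated = rule.startswith("!")
        pattern = rule.lstrip("!").strip("/")
        if fnmatch.fnmatch(name, pattern) or fnmatch.fnmatch(path, pattern):
            ignored = not negated
    return ignored

def pubspec_assets(pubspec_text):
    """Collect the entries under 'assets:' with a line scan (no YAML library)."""
    assets, in_assets = [], False
    for line in pubspec_text.splitlines():
        stripped = line.strip()
        if stripped == "assets:":
            in_assets = True
        elif in_assets and stripped.startswith("- "):
            assets.append(stripped[2:].strip().strip("'\""))
        elif stripped and not stripped.startswith("#"):
            in_assets = False
    return assets

def audit_env_file(gitignore_text, tracked_files, pubspec_text, env_path=".env"):
    """Return findings for one env file; an empty list means none of the three apply."""
    findings = []
    if not is_ignored(env_path, gitignore_text):
        findings.append("not-ignored")        # a future commit can pick the file up
    if env_path in tracked_files:
        findings.append("already-tracked")    # still in the repository and its history
    if env_path in pubspec_assets(pubspec_text):
        findings.append("bundled-as-asset")   # packaged with every build of the app
    return findings

# Constructed sample inputs (not taken from the video's project).
SAMPLE_GITIGNORE = "# build output\n/build/\n.env*\n"
SAMPLE_TRACKED = ["lib/main.dart", "pubspec.yaml", ".env"]
SAMPLE_PUBSPEC = "name: recipe_app\nflutter:\n  assets:\n    - .env\n    - assets/logo.png\n"

if __name__ == "__main__":
    for finding in audit_env_file(SAMPLE_GITIGNORE, SAMPLE_TRACKED, SAMPLE_PUBSPEC):
        print(finding)
```

In a real project, `tracked_files` would be the output lines of `git ls-files`, and the two text arguments the contents of `.gitignore` and `pubspec.yaml`.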
Info
Channel: Snehasis Ghosh
Views: 1,282
Keywords: Snehasis Ghosh, flutter, flutter tutorial, dotenv flutter, flutter hide secret keys, flutter security, android development, flutter development, flutter_dotenv
Id: WcFil2xGyP0
Length: 8min 35sec (515 seconds)
Published: Sun Oct 22 2023