Open nelsonic opened 4 years ago
miguelmartins17
commented
4 years ago This morning I will focus on reading this first article to understand if the error is in the use of the API key.
https://medium.com/flutter-community/use-environment-variables-in-ci-cd-for-flutter-apps-cbd6d9ac82c
nelsonic
commented
4 years ago @miguelmartins17 good plan. π You may need to ask Google a few more questions in this quest. π As you discover other useful links, please share them. π
miguelmartins17
commented
4 years ago @nelsonic Where should I put the summary information of what I understood about the first article, should be shared in the learn-flutter?
miguelmartins17
commented
4 years ago This link can be useful for learning:
miguelmartins17
commented
4 years ago Relevant Reading / Watch:
miguelmartins17
commented
4 years ago @nelsonic What should we add here to improve the issue to provide more information about the environment variables?
nelsonic
commented
4 years ago Miguel, what we need is an example written in our own words for how to use Environment Variables in Flutter/Dart. If you feel that the links you have shared above do a good job of explaining how to use Environment Variables in Flutter then summarise the instructions.
miguelmartins17
commented
4 years ago @nelsonic Sure, I'll work on it.
sesam
commented
3 years ago Is this an exercise, or are you looking for a potential implementation? On Flutter, since it's compiled code, the environment variables are compiled into the app statically. That means anyone who gets hold of the app (or the .apk file) can extract these keys. There's not really any way around this for real. But maybe you want to use personal tokens that the app's users can use for a short time and that have to be renewed? That way you can at least gradually increase the controls imposed on which users can access what, and you avoid exposing any service account keys directly to anyone who can find a tool that can analyse the app.
frencojobs
commented
3 years ago Regarding environment variables in Flutter, even though no way is actually safe because the client gets a hold of the apk file, I had an idea that seems a bit better. So I made this package called envify which builds environment variables directly into the source code instead of using them in the runtime as an asset. In my experience, envify is a better/safer option than flutter_dotenv for most use cases. I also added an explanative README.md.
So check that out pls :v:.
GoncaloPT
commented
1 year ago Just bumped into this issue from google search and ended-up trying to learn more about this project. Not even sure if this is still active π ... Have you ever thought of loading env variables from an external service? Git, microservice or other?
Wouldn't it be great to be able to change those variables without having to release a new version of the app?
nelsonic
commented
1 year ago @GoncaloPT good Google detective work. π π π
This repo is just capturing our learning on Environment Variables; π
it's not super active though PRs are always welcome. π
For the most part we are able to update our Environment Variables π
and do a zero-downtime graceful restart β»οΈ
of our Elixir/Phoenix App without needing a new release. π
But we haven't figured out how to do this in Flutter ... π€·ββοΈ
Any insight into how to achieve this would be great! π
GoncaloPT
commented
1 year ago Sure @nelsonic. I have this goal in the backlog of the flutter app I develop ( enterprise ). I will update this thread with the conclusion(s) of the subject. π
As a
developerbuilding an Open Source cross-platform mobile app using Flutter I want to use environment variables in my Flutter App So that all my code can be open on GitHub without exposing any sensitive API keys.Todo:
Related to: https://github.com/dwyl/learn-flutter/issues/37 Giphy API key.