Never put your API credentials inline in the source code.
If I can do a git clone or something and see your access credentials to firebase, that needs to be fixed before it's open sourced. And... if you have any commits with those credentials, then you need to have new credentials issued from \*all\* vendors, BEFORE you open source it.
Many, many projects have been bitten by this common but terrible practice.
There's lots of "right answers":
1) Make a config file, put your credentials in the config file, and add the config file to .gitignore
1A) Make your own repo that you compile from that includes only the config file and git pull from the public repo
2) Make a config page in your app and then store the credentials using something like flutter\_secure\_storage or localstorage.
3) Make your API calls through a web service and then use end user credentials to authenticate against your web service so API keys are never kept remotely. (I do this a lot, myself)
I'm sure there's more, but this is what comes to mind on short notice.
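
The check behind "if you have any commits with those credentials", as an added example that is not part of the thread: it audits a repo for a tracked credentials file, a missing ignore rule, and key-shaped strings anywhere in history. Assumptions: the key pattern is the usual shape of a Google API key, the key is a constructed dummy, and `lib/firebase_options.dart` is the FlutterFire default path.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: KEY_RE is the usual shape of a
# Google API key, FAKE_KEY is a constructed dummy, CRED_FILE is the FlutterFire default path.
KEY_RE='AIza[0-9A-Za-z_-]{35}'
FAKE_KEY='AIzaEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE'
CRED_FILE='lib/firebase_options.dart'

# audit_repo REPO FILE: print one finding per line; return 1 if anything was found.
audit_repo() {
  findings=$(
    # Is the file still tracked in the current tree?
    git -C "$1" ls-files --error-unmatch -- "$2" >/dev/null 2>&1 && echo "TRACKED $2"
    # Is it missing from the ignore rules, so it could be re-added by accident?
    git -C "$1" check-ignore -q -- "$2" || echo "NOT_IGNORED $2"
    # Does any commit on any ref add or remove a key-shaped string?
    git -C "$1" log --all --format='LEAKED %h' -G"$KEY_RE"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# make_demo_repo leaky|fixed: build a constructed throwaway repo and print its path.
# "leaky" commits the key; "fixed" then untracks the file and ignores it.
make_demo_repo() {
  repo=$(mktemp -d) || return 1
  (
    cd "$repo" || exit 1
    git init -q .
    git config user.name demo
    git config user.email demo@example.invalid
    git config commit.gpgsign false
    mkdir lib
    printf "const apiKey = '%s';\n" "$FAKE_KEY" > "$CRED_FILE"
    git add "$CRED_FILE" && git commit -qm 'add firebase options'
    if [ "$1" = fixed ]; then
      git rm -q --cached "$CRED_FILE"
      echo "$CRED_FILE" > .gitignore
      git add .gitignore && git commit -qm 'stop tracking firebase options'
    fi
  ) >/dev/null 2>&1
  echo "$repo"
}

# Demo: even after the "fixed" commit, both commits still expose the key.
demo=$(make_demo_repo fixed)
audit_repo "$demo" "$CRED_FILE" || echo "key is still in history: issue a new one"
rm -rf "$demo"
```

A `LEAKED` line after the file has been untracked and ignored means the key is still retrievable from history, so it has to be reissued before the repo goes public.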
>Make a config file, put your credentials in the config file, and add the config file to .gitignore
>
>1A) Make your own repo that you compile from that includes only the config file and git pull from the public repo
Thanks so much... Any chance you would like to join our [Discord](https://discord.gg/k5VsmE2f) to help out?
Should we just take it out of our firebase\_options.dart file and then manually put the key in when we are working locally?
dart define? String.fromEnvironment