Secure to store API secret keys in Environment Configuration?

[Devin Carpenter]

Hi, 

so I have secret keys from the API's that my app is using and I am wanting to know if the Environment Configuration would be a secure place to keep these as opposed to storing them in a local config file. Environment Configuration is very convenient for storing public API keys but I'm not sure if it was meant for secret keys.

I've not been able to find anything on the security of the Environment Configuration. Would someone be able to elaborate or post some other information that would be helpful?

Thank you ahead of time.

- Devin

[Ian Barber]

Secret keys are fine - this data is only available to your project. 

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/8f8bfae1-4ce4-4f2d-a1bc-dea3a8b3b00b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Hiranya Jayathilaka]

That's correct. Here's an old Stackoverflow thread on this issue which I found useful: https://stackoverflow.com/a/37484053/5190886

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CANOm2DkA%3DWXuy_VWzMZfhnwuykmd7LOgH8VSyX0DkNapoB7uUw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Hiranya Jayathilaka | Software Engineer | h...@google.com | 650-203-0128