Never store secrets in the resources of your app! (feat. Anastasiia Voitova)

Vincent Pradeilles

2 years ago

4,566 views

Comments:

Hackenbacker - 01.09.2023 02:58

Would you like to tell us how we should solve the problem? 🧐

Rahul Jamba - 26.07.2023 21:31

Excellent Topic, Thanks for sharing your knowledge

Cédric loneux - 26.06.2023 04:02

The video explains a problem we all know about, but I was expecting to get a solution presented.
You say to use obfuscation, okay, but show it in practice. All I can think about is encoding, but like you said: that's easily decodable.
Then you talk about encryption, saying it's way more secure. I agree, but when you compile the app, your code needs a way to access the key.
What would you encrypt it with?

ArturoFM - 17.09.2021 22:11

So... end of the story, what is the correct way to store API keys?

Viktor Siruk - 15.09.2021 16:23

As always, Nastya = top content 👍

Keith Weiss - 09.09.2021 07:06

Awesome video! Very informative. Your guest clarified some important concepts.

Ricky Witherspoon - 08.09.2021 22:37

Awesome new format! I really enjoy that you bring in a subject matter expert to explore the topic some more. Would love to see more of these.

Anthony Junior - 08.09.2021 14:29

Is this the same for Firebase/Firestore keys?

rohit dhawan - 08.09.2021 09:39

Thanks

Rafael Costa - 08.09.2021 00:07

The way I do it is to bundle the secret encrypted within the app, and on the first run, I get a key from the backend to decrypt it. I perform some basic validations (does the request appear to come from a device running my app?) and then return the key. Client decrypts it and stores the decrypted key in the keychain for later usage. Not safe by any means, but tricky enough to discourage unsavvy snoopers.

pixel.science - 07.09.2021 23:09

Great video! We need to raise our awareness about secure data and PII.

Matheus Gois - 07.09.2021 21:01

Congratulations 🍾

Multitudes - 07.09.2021 18:51

This was a fun one :)

Vincent Pradeilles - 04.08.2021 18:26

It was my first time recording a 10-minute video with a guest! This video was awesome to create and I hope you've also enjoyed watching it 🚀
