10

To enable the Google Maps SDK you must update: android/app/src/main/AndroidManifest.xml for android, and ios/Runner/AppDelegate.m for ios with your API key.

The problem:

I don't want to check in my API key into source control.

Is there a way to hide this key with a .env file and .gitignore?

What is best practice here?

Improve this question
6
  • 3
    Maybe this could help? Atleast for android, hiding it inside the gradle.properties file Commented Aug 20, 2019 at 14:49
  • Looks like that is probably the answer for android, then something similar in ios. I was hoping there would be a way to inject the key using dart, but 🤷‍♂️ Commented Aug 20, 2019 at 14:56
  • If your key is properly secured, why would you need to hide it? developers.google.com/maps/api-key-best-practices Commented Aug 20, 2019 at 15:22
  • 1
    @MrUpsidown I'm not sure what you mean. That documentation says "Do not embed API keys directly in code." and "Use environment variables". My question is: How do you do that in a flutter project? Commented Aug 20, 2019 at 17:06
  • Right, they say that indeed. For web pages, you can't hide the key anyway. For mobile apps, there are restrictions that you should/must apply (package name, certificate, etc.). Makes sense to not want to see it in source control, but you should still be safe if it was publicly released for some reason. But sorry I can't tell you how to do that in flutter; not my area. Commented Aug 20, 2019 at 18:05

5 Answers 5

Reset to default
21

You can set your api keys as environment variables which can be read during build on your local machine only. Create an env variable MAPS_API_KEY="your-key-here", then add these lines to [your-project]/android/app/build.gradle

 defaultConfig {
        manifestPlaceholders = [mapsApiKey: "$System.env.MAPS_API_KEY"]
    }

and then you can use the mapsApiKeys to pass your api keys in AndroidManifest.xml

 <meta-data android:name="com.google.android.geo.API_KEY"
                android:value="${mapsApiKey}"/>

For ios, add these to AppDelegate.m

NSString* mapsApiKey = [[NSProcessInfo processInfo] environment[@"MAPS_API_KEY"];

[GMSServices provideAPIKey:mapsApiKey];
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

how do you create an env variable ?
you can create them from your terminal by typing MAP_API_KEY=some-value or SOMEVARIABLE=some-value
ok. that's what I did but wasn't sure. thx. also, when I build then depliy the app, there will be no way for anybody to see the key by decompiling my app? that's superbe !
I tried to follow this recipe on Windows using Powershell, $Env:MAPS_API_KEY = "<api-key>", and get API Key: null when running in Android Studio.
I use linux so i dont know if thats how environment variable named MAPS_API_KEY is set in the powershell. Is that what you were trying to do ?
|
4

Starting from Flutter 1.17 you can use compile-time variables for this. Just use --dart-define key in flutter run or flutter build commands. Then you can use them in your iOS or Android code. Here is an article with some explanation and samples

Improve this answer

1 Comment

Could you provide a more detailed answer? The link is for a Medium article that requires a subscription to read.
1

You can save your keys in a separate file, and add that file to .gitignore. Then if you push your files to the repository, that file will be ignored.

In case you have a new colleague, who needs to start working on the same project, you will need to share this file with them. After checking out the project from the repository, they will need to place that file in the same directory as it was originally.

Improve this answer

Comments

1

@Kushal Billaiya's solution didn't work for me, as it overrides existing manifestPlaceholders. What I did instead was the following:

First, still set your Google Maps API Key as an environment variable named MAPS_API_KEY. I do this via the run configuration, but other ways exist.

Then in the android/app/build.gradle file (Important: There are 2 build.gradle files. You want the one inside the android > app folder), add one line to the defaultConfig:

defaultConfig {
    ...
    manifestPlaceholders["mapsApiKey"] = "$System.env.MAPS_API_KEY"
}

And in the android/app/src/main/AndroidManifest.xml file, you can add this line inside the <application> tag:

<meta-data android:name="com.google.android.geo.API_KEY" android:value="${mapsApiKey}"/>
Improve this answer

Comments

0

I've been living with my Google Maps API key hardcoded in my Flutter app for iOS for a long time, but today I decided to solve it once and for all, but even after reading many articles and blogposts I didn't find a solution that is simple enough.

Then I thought that I can just read the API_KEY from GoogleService-Info.plist file in my AppDelegate.swift, like this:

if let path = Bundle.main.path(forResource: "GoogleService-Info", ofType: "plist") {
    let nsDictionary = NSDictionary(contentsOfFile: path)
        
    if let apiKey = nsDictionary?["API_KEY"] as? String {
        print("AppDelegate: API_KEY found")
        GMSServices.provideAPIKey(apiKey)
    }
Improve this answer

4 Comments

You are using your Firebase API key as a Google Maps API key ?
I don't remember :)
Do you have your GoogleService-Info.plist excluded from source control? Do you have a process that generates it or pulls it or is it manually created in each new environment?
My GoogleService-Info.plist is in 1Password, and I have a script that calls 1Password CLI to create it. I run this script every time I clone the repo (including on CI).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.