I'm just starting to learn to code. Providing example code would be fantastic.
I developed a simple android application (native Java) using Firebase. I have several API keys hard-coded into the resources of my application. I read that it is better to store these keys on a server. I currently do not have my own domain or server, but I am interested in using Firebase Hosting to store these API keys.
I would appreciate some help setting up the foundation for storing and retrieving these API keys through Firebase Hosting. I am open to other suggestions if they are simple and secure.
Thanks!
Your (mobile or web) clients should never include the Secret for your Firebase. At some point somebody will reverse-engineer your code, extracts the Secret and with those be able to read/write all data in your Firebase database. The only thing you'll be able to do at that stage is revoke the Secret, which will make all clients fail.
Firebase hosting allows you to store static resources only. So while you can store your API keys on Firebase's hosting servers, it wouldn't help much for security. It will still be readable by everyone.
What you should instead be doing is using regular Firebase authentication in your clients. This is covered in Firebase's guide for user authentication on Android. A good example of this can be found in the Firebase Login Demo for Android.