firebase flutter firebase-cloud-messaging

Do I need to protect my firebase Server Key? Can I store it in the source code or is there a way to get it programatically?

Right now I have my Server Key for Firebase messaging hardcoded in my code.

Is this a security problem for when I deploy my app?

Can I get this key programatically?

Solution

Yes it's a security issue, According to this official document at the bottom says.

Important: Do not include the server key anywhere in your client code. Also, make sure to use only server keys to authorize your app server. Android, iOS, and browser keys are rejected by FCM.

And I don't think "get this key programmatically" is good idea because you still downloaded key to the client, or using other way to store in the client.

React website not showing after deployment with firebase
Make sure to call FirebaseApp.initializeApp(Context) first.Default FirebaseApp is not initialized in this process
Firebase authentication error "The given sign-in provider is disabled"
How to manually set the FirebaseAuth User emailVerified status to true
iOS Firebase Crashlytics not showing up crashes in Dashboard
Exception launched when trying to delete a file on Firebase storage ( from Flutter ) even though the file is deleted
Firestore React Js Increment Value by FieldValue without Google Cloud Function
Firebase Authentication: Email validation always returns "Email not registered" in Flutter
Check if a field exists in a document snapshot firestore
Firebase onMessageReceived not called when app in background
SendGrid integration with Firebase trigger email. Error: Invalid login: 535 Authentication failed
cloud function onUpdate inside document
java.lang.IllegalAccessError: superclass access check failed: class org.jetbrains.kotlin.kapt3.base.javac.KaptJavaCompiler?
Make user create a unique username when logging in with Google Sign-In Firebase
Flutter on iOS: redefinition of module 'Firebase'
Default FirebaseApp is not initialized in this process ... Make sure to call FirebaseApp.initializeApp(Context) first
How to disable Crashlytics while in debug mode, in react-native-firebase?
How to resolve “The default Firebase app does not exist” error when calling Cloud Functions v2 from a client app?
Deleted composite indexes in firestore but my queries are still working
How do you add non-text parts to a multiturn chat with Gemini / Vertex AI?
How to remove data on logout when using firebase and react query?
Firestore: GrpcConnection RPC 'Write' stream 0x48b21b62 error. Code: 13 Message: 13 INTERNAL: Received RST_STREAM with code 2
Expected type 'Firestore$1', but it was: a custom Firestore object
java.lang.NoSuchMethodError: No static method registerDefaultInstance with Firebase Performance and Espresso Instrumented Tests
TextEditingController doesn't clear the text after .clear()
Query firestore database for document id
[Firebase Auth]: [firebase_auth/unknown] An internal error has occurred. [ BILLING_NOT_ENABLED ]
Firebase Auth with Google as an IdP expires ID token frequently and why?
Correct Way to use Environment variables for Expo Application using EAS build process?
Android: How To Fix Blurry Google Profile Image Taken From Firebase?