I'm meddling around with .net MAUI a bit. I'm trying to figure out where to store an api key. In android studio I would create a secrets.xml in the resources folder and add that file to the .gitignore. For some reason I cannot find how to do this in .net MAUI. What is the normal way here to deal with secrets that you do not want in the .git but do need to end up in the compiled code?
You can not directly save your secrete into local storage without putting it into a code. You need to fetch it from somewhere via some API call.
There are two ways:
Use Azure KeyVault to store such secretes and fetch these secretes using Azure Functions. Steps for Xamarin.Forms app given here. And same applies for .NET Maui app too. NOTE: We must use Azure Functions to read secretes from KeyVault and provide them in response. Mobile app should call this function endpoint to get secretes we need from KeyVault. Azure KeyVault is not free of cost. Check prizing here.
Create an API which gives you this subscription key in response as encrypted format. This API should not be authenticated API and should work without any Token, means you should encrypt your response for security concerns. Then make a call to this API in your mobile app and decrypt it and use it where you need.