I am building a new react native app with expo which uses google maps (MapView library), But, deploying a map with Google Maps requires to explecitly add maps api key in app.json as below :
“android”: {
“package”: “com.myapp.app”,
“googleServicesFile”: “./google-services.json”,
“adaptiveIcon”: {
“foregroundImage”: “./assets/adaptive-icon.png”,
“backgroundColor”: “#ffffff”
},
**“config”: {
** “googleMaps”: {**
** “apiKey”: **“…sensitive & secret value…”****
** }**
** }**
},**
In general, I store all my secret variables in Expo website as described in https://docs.expo.dev/build-reference/variables/#using-secrets-in-environment-variables now i am feeling confused, on the hand, I can’t expose my secret variables in app.json, but, on the other hand it is madatory to expose it to support MapView Library.
is this safe? is there any risk of stealing my api key ? Any recommendation and idea how to proceed?
Thank you
After days of working on this issue, declaring secret key is inevitable, Regardless of whether app uses React Native, Expo, or any other development framework, API keys required for direct connections between the app and an API are public and could be exposed; SOLUTION: Restrict usage of the key ==> Learn how to restrict key for android and IOS, in this way, just your specefic app is allowed to consume the api key,