Storing your secret keys in Flutter

The most secure way to protect your confidential information is not to include them in your application. Even in native development (Android, for instance), extra steps are necessary to hinder someone from retrieving the keys, by disassembling the program. I am writing this because I faced the same issue in Flutter, as other people, who were looking for something similar to local properties in Android.

The most recommended approach I have found is using text assets. In Flutter you just need to load your file containing your secret keys as if you were loading any other asset.

For example,

import 'dart:async' show Future;
import 'package:flutter/services.dart' show rootBundle;
Future<String> loadAsset() async {
  return await rootBundle.loadString('assets/config.json');
}

As is shown here in Flutter docs: https://flutter.io/assets-and-images/#loading-text-assets

That is the shortest way. You can load a JSON, then parse it with dart:convert, and have your keys. But for this example, let’s make it a little more elaborate.

First, let’s create a file called secrets.json that will keep our secret API keys. And store it in the root directory of our project. Remember not to commit your secrets.json file to version control.