How do I prevent my Google Maps API key from being exposed in my git repository when using Expo?
Question
Problem is that my Google Maps API key is in the Expo app.json config file under the path expo.android.config.googleMaps.apiKey and is exposed to my git repository.
This is a problem because my git repository will be public and while my keys are protected in the Google Maps Platform, API keys in general should not be easily exposed as it serves a security risk.
I have tried masking the app.json away from the repository by adding it to .gitignore and creating a replica of it called app.template.json with the API key redacted.
- This caused a prebuild error when using
eas build: I assume this is a bug with Expo/EAS upload archiver/prebuild parser.
Project must have a
android.packageset in the Expo config (app.json or app.config.js).
- This also caused me having to keep 2 different files up to date at minor changes, such as version.
I have no use of storing the API key within the application itself - because the key needs to be configured in the Android manifest (or somewhere outside of my control...).
- Which means the accepted answer here, How can I store Google Maps API keys not using app.json? , does not actually answer the question.
1 answers
solution1
1 ACCPTED 2022-11-17 01:25:31
You could use git-crypt: https://buddy.works/guides/git-crypt . I have used this in the past when we had a repo that contained configuration files with passwords etc.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.