0

I am working on a flutter chat app on android and ios.

Unfortunately, I pushed my full working folder to my GitHub repository and later on received an email from GitHub that my API keys are compromised.

After I looked online, I found out that Firebase API keys are not secret, thus it doesn't matter exposing them.

Is this true? In the case that it's not, can anyone explain to me what to do? Thank you in advance!

Improve this question

1 Answer 1

Reset to default
1

Is always recommended to do not share any keys on public directories.
You probably got this warning email because your repository is public
Some recommendations for projects that are having secret keys are the following

  1. Make the GitHub repository Private
  2. Include the file path that has the key in the .gitignore file so it will not committed to the repository
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for your answer. Should I regenerate the API keys or just let it as it is before including them in the .gitignore file ?
Yes regenerate them just to be sure

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.