{"id":616,"date":"2021-04-08T19:12:22","date_gmt":"2021-04-08T13:42:22","guid":{"rendered":"https:\/\/askadmin.com\/?p=616"},"modified":"2021-04-08T19:12:22","modified_gmt":"2021-04-08T13:42:22","slug":"though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical","status":"publish","type":"post","link":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/","title":{"rendered":"Is it secure to use Firebase remote config to Store API keys ?"},"content":{"rendered":"

Google Firebase remote config\u00a0 is one of the google free firebase tools<\/a> which opens lot of possibilities in mobile app development when it comes to managing dynamic app configuration .<\/p>\n

Of Course\u00a0 for your android or iOS app , you can always have your own backend database systems to pull dynamic configuration from . But it comes with the administrative overhead .<\/p>\n

Developers can take full advantage of\u00a0 Firebase Remote Config to build apps which require frequent configuration updates in app . One can think of implementing\u00a0 dynamic theme changes\u00a0 of app without updating existing app on store\u00a0 or\u00a0 \u00a0inform app users about new updates\u00a0 or\u00a0 change\u00a0 backend server connections whenever there is some planned maintenance window.<\/p>\n

Now the question is\u00a0 can we store API keys on Firebase and\u00a0 sync it with app when it require ?.<\/p>\n

Though it is possible , Google does\u00a0 not recommend\u00a0 it .\u00a0 Google says “Don’t store confidential data in Remote Config parameter keys or parameter values. It is possible to decode any parameter keys or values stored in the Remote Config settings for your project.”<\/p>\n

But yes , you can still store API keys\u00a0 depending on how important the API keys are and the exposed app content if your API keys are decoded by someone .<\/p>\n

At Least it is better than hard coding API keys in your app itself\u00a0 .\u00a0 So that you can keep changing API Keys periodically . If you want to use Firebase Remote Config for storing API keys , I recommend\u00a0 you\u00a0 to have some other second level authentication verification for APP users .<\/p>\n

IMPORTANT :<\/strong> You may consider using some other authentication mechanisms\u00a0 like OAuth2\u00a0 , <\/a>JWT\u00a0 <\/a>etc., <\/a>and refresh the tokens for dynamic sessions if you have sensitive app data and services.<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Google Firebase remote config\u00a0 is one of the google free firebase tools which opens lot of possibilities in mobile app development when it comes to managing dynamic app configuration . Of Course\u00a0 for your android or iOS app , you can always have your own backend database systems to pull […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[142],"tags":[194,195,193],"yoast_head":"\nIs it secure to use Firebase remote config to Store API keys ? - Ask Admin - A Lifelong Learner<\/title>\n<meta name=\"description\" content=\"Though google policy does not recommend storing API keys in Remote config , You can still use it for Basic Authentication if your data is not critical\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Is it secure to use Firebase remote config to Store API keys ? - Ask Admin - A Lifelong Learner\" \/>\n<meta property=\"og:description\" content=\"Though google policy does not recommend storing API keys in Remote config , You can still use it for Basic Authentication if your data is not critical\" \/>\n<meta property=\"og:url\" content=\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/\" \/>\n<meta property=\"og:site_name\" content=\"Ask Admin - A Lifelong Learner\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-08T13:42:22+00:00\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"balu sreekanth\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/askadmin.com\/aa\/#website\",\"url\":\"https:\/\/askadmin.com\/aa\/\",\"name\":\"Ask Admin - A Lifelong Learner\",\"description\":\"Mobile App Development | IP Telephony | Linux\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/askadmin.com\/aa\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/#webpage\",\"url\":\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/\",\"name\":\"Is it secure to use Firebase remote config to Store API keys ? - Ask Admin - A Lifelong Learner\",\"isPartOf\":{\"@id\":\"https:\/\/askadmin.com\/aa\/#website\"},\"datePublished\":\"2021-04-08T13:42:22+00:00\",\"dateModified\":\"2021-04-08T13:42:22+00:00\",\"author\":{\"@id\":\"https:\/\/askadmin.com\/aa\/#\/schema\/person\/e1ff95d4a91ea001e25af3273533a345\"},\"description\":\"Though google policy does not recommend storing API keys in Remote config , You can still use it for Basic Authentication if your data is not critical\",\"breadcrumb\":{\"@id\":\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/askadmin.com\/aa\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Is it secure to use Firebase remote config to Store API keys ?\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/askadmin.com\/aa\/#\/schema\/person\/e1ff95d4a91ea001e25af3273533a345\",\"name\":\"balu sreekanth\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/askadmin.com\/aa\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6aebf95935573dc70f536f1003a2fb8c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6aebf95935573dc70f536f1003a2fb8c?s=96&d=mm&r=g\",\"caption\":\"balu sreekanth\"},\"sameAs\":[\"http:\/\/askadmin.com\"],\"url\":\"https:\/\/askadmin.com\/aa\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Is it secure to use Firebase remote config to Store API keys ? - Ask Admin - A Lifelong Learner","description":"Though google policy does not recommend storing API keys in Remote config , You can still use it for Basic Authentication if your data is not critical","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/","og_locale":"en_US","og_type":"article","og_title":"Is it secure to use Firebase remote config to Store API keys ? - Ask Admin - A Lifelong Learner","og_description":"Though google policy does not recommend storing API keys in Remote config , You can still use it for Basic Authentication if your data is not critical","og_url":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/","og_site_name":"Ask Admin - A Lifelong Learner","article_published_time":"2021-04-08T13:42:22+00:00","twitter_misc":{"Written by":"balu sreekanth","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/askadmin.com\/aa\/#website","url":"https:\/\/askadmin.com\/aa\/","name":"Ask Admin - A Lifelong Learner","description":"Mobile App Development | IP Telephony | Linux","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/askadmin.com\/aa\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/#webpage","url":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/","name":"Is it secure to use Firebase remote config to Store API keys ? - Ask Admin - A Lifelong Learner","isPartOf":{"@id":"https:\/\/askadmin.com\/aa\/#website"},"datePublished":"2021-04-08T13:42:22+00:00","dateModified":"2021-04-08T13:42:22+00:00","author":{"@id":"https:\/\/askadmin.com\/aa\/#\/schema\/person\/e1ff95d4a91ea001e25af3273533a345"},"description":"Though google policy does not recommend storing API keys in Remote config , You can still use it for Basic Authentication if your data is not critical","breadcrumb":{"@id":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/askadmin.com\/aa\/though-google-policy-does-not-recommend-storing-api-keys-in-remote-config-you-can-still-use-it-for-basic-authentication-if-your-data-is-not-critical\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/askadmin.com\/aa\/"},{"@type":"ListItem","position":2,"name":"Is it secure to use Firebase remote config to Store API keys ?"}]},{"@type":"Person","@id":"https:\/\/askadmin.com\/aa\/#\/schema\/person\/e1ff95d4a91ea001e25af3273533a345","name":"balu sreekanth","image":{"@type":"ImageObject","@id":"https:\/\/askadmin.com\/aa\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/6aebf95935573dc70f536f1003a2fb8c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6aebf95935573dc70f536f1003a2fb8c?s=96&d=mm&r=g","caption":"balu sreekanth"},"sameAs":["http:\/\/askadmin.com"],"url":"https:\/\/askadmin.com\/aa\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/posts\/616"}],"collection":[{"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/comments?post=616"}],"version-history":[{"count":1,"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/posts\/616\/revisions"}],"predecessor-version":[{"id":617,"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/posts\/616\/revisions\/617"}],"wp:attachment":[{"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/media?parent=616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/categories?post=616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/askadmin.com\/aa\/wp-json\/wp\/v2\/tags?post=616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}