Can the code I upload remove sensitive API keys?

For example, “firebase_options.dart” in Flutter or other API keys.
Or can contestants feel safe uploading code that contains sensitive data?
Does the provided code have to be complete and executable? (If I have published my app on Google Play.)

2 Likes

Including API key directly in code is a universally recognized bad practice.

I’d recommend transitioning to environment variables.

2 Likes

How do I make that? I’ve tried before.

Hi @Wilheim_Costa

Here’s how you can setup the py package to use API key through environment variable Tutorial: Get started with the Gemini API  |  Google for Developers

To load environment vars, you can use dotenv package to load from a .env file, or manually set up using terminal/command-line/deployment settings.

Have the same question. What about firebase_options. Also in firebase project, we have to upload SHA key to allow app to access firebase resources. How do we proceed ?