API keys stored in app.json

  1. SDK Version: 35
  2. Platforms(Android/iOS):

The documentation on configuring app.json (https://docs.expo.io/versions/latest/workflow/configuration/) describes adding information to expo.extra that can then be accessed via Constants.manifest. It also states that sensitive information such as secret keys are removed, which makes me think it’s a secure way of storing API keys. But I can’t find much more detail about this. How safe is it to add API keys here?

Apologies if this is already answered somewhere. I see various posts stating that secret API keys should not be stored in the app, but I’m struggling to understand where API keys added to app.json are ultimately stored.

1 Like