Why is expo removing googleSignIn apiKey from app.json?

Why is expo removing googleSignIn apiKey from the app.json file?
While developing, i can log the key without any problems. Once it is built, i cannot access e.g. the android googleSignIn key.

import Constants from 'expo-constants';

export const getGoogleSignInAndroidClientId = () => {
    return Constants.manifest.android.config.googleSignIn.apiKey;
};

I already read the documentation an found the following:

Sensitive information such as secret keys are removed.

Okay, i got it. But i need to use the api-keys anyways in the application, didn’t i?
At least when logging in with google:

const {type, accessToken, user} = await Google.logInAsync({
            androidStandaloneAppClientId: 'ANDROID_API_KEY',
            scopes: ['profile', 'email']
});

Since i need the api key in the application, the user (theoretically) can figure out my api key.
Am I wrong? Shouldn’t i use the API-Key?
Please explain to me how I have to proceed to read the API key with the help of the constants.
Do i need to duplicate the API-key in the extra-settings (since i want to use alle the keys in one single file and not create an new .env file or something like that).

the api key is different from the client id

https://docs.expo.io/versions/v36.0.0/sdk/google/#deploying-to-a-standalone-app-on-android

1 Like

Wow, that was quick! Thanks for your answer, I probably confused it!

1 Like