Secure Env Manager (Flutter)

Secure Env Manager Logo

Overview

Secure Env Manager brings the security of server-side secret management to the client-side world of Flutter. It addresses the critical vulnerability where API keys stored in plain text (assets/strings) can be easily reverse-engineered from the APK/IPA.

The Status Quo

Most Flutter apps use flutter_dotenv which packages the .env file as an asset. Anyone can unzip the APK and read this file. Encryption is often an afterthought or implemented poorly.

Market Proposition

Defense-in-depth for mobile secrets.

  • Obfuscation: Scrambles secrets during code generation to make static analysis harder.
  • Runtime Encryption: Can decrypt values using a key generated at runtime or stored in secure hardware.
  • Type Safety: Generates a strongly-typed Env class, so you get compile-time errors if a key is missing.

Usage

# pubspec.yaml
dev_dependencies:
  secure_env_manager_generator: ^1.0.0

// Generated code usage
import 'package:my_app/env.g.dart';

void main() {
  print(Env.stripePublishableKey); // Type-safe and obfuscated
}

Hashtags

#Flutter #Dart #MobileSecurity #DevOps #Obfuscation