In the final stages of developing my first self published app. It is growing in complexity but I have a good focus on the MVP candidate. I was originally using Firestore as the database and certain features linked to Firebase. After taking a closer look I have shifted to building on Supabase. Quite happy with this so far and have completely disabled Firebase from the app. Do not know if I will use any features, though I might want it for Crashalytics if there is no other clear way to track errors in the app.
Regarding the API keys. I saw a few things that were interesting so far. In many tutorials I hear people say you shouldn't store the variable in the app state. I see an option to encrypt the values. I am wondering if this could be considered effective enough for an MVP release?
Also, where the tutorials made before encryption was an option or is this not strong enough / fails to completely secure the key? I am just wondering why I have seen so many mentions of not doing this come up.
If not, what are some secure options to load this into the app.
Can I store it in Supabase?
Do I have to enable Firebase? I saw another place where they used Firebase remote config to load variables on the fly, lost track of that link but the method looked sound. Would consider that option, but as mentioned, currently do not have this project connected to it. This FF post also seemed relevant to the topic.
What are the most common/preferred methods to load these keys into the app?