My app (Flutter based) that I’m willing to publish in F-Droid uses secrets that are used at Runtime of the app
The secrets get generated at the build time (using secrets.json locally & environmental vars in Github Action) & used in runtime. So I need a way to pass these secrets as ENV variables or any other way at build time in F-Droid server
ClientId or API Keys are fine to include as they’re intented to be seen by everyone. But my application also have to have ClientSecret too for its functionality & that is not something I can push to upstream. It can be a security risk for my users
Is there any way to store this kind of secret & pass it only in the build without letting know everyone?
Yeah my app has the ability to save user provided client id & secret but that’s only needed when the user is willing to login with his/her account
But by default my app would use some pre-generated client id & secret to provide an anonymous experience without needing an actual Spotify Account