Hello everyone! Please when working with KMM, how are secrets hidden? Secrets like API keys? Tried the buildconfig option but for some strange reasons, I can't use that in my shared module.

buildConfig

is an Android feature, you need to look for a different plugin that supports kmp for that

Okay thank you very much @Javier

In general though, you shouldn't expect that secrets are very well hidden with this. As with other client secrets, anyone with the app can disassemble and retrieve the secret

yeah, the only way to hide secrets in an app is not using it there and using a server as a proxy

Okay thank you all so much for the insightful tips @mbonnin @Javier

I havent used jetpack security but if it is java it will only work on Android

As others have alluded to there’s no effective way to have secrets in your application, since even if the user couldn’t disassemble the app, they could intercept your requests using a proxy and pick out the API key straight from there. My tip: Don’t consider (every) API key a secret, and if you’re not using a public repository just go ahead and put it in your source code where you get it versioned nicely as well 😉. If your API keys truly are secret (e.g. if they give the user more access than you’re interested in), then the only way to keep them out of user’s hands is to not have them installed on their devices at all, meaning you’d put them behind your own API on a server.

Thanks for these insightful tips @Nicklas Jensen