Paystack Secret Keys #11

@collinsmarra

Hello,

I am currently investigating an issue with using the Paystack live key in Flutter.
In your official example I see `sk_test_4daeaa768f986a546516cd9a5d101f657ea4f1d3`, which means when we build for prod we will have the live key somewhere in the environment variables and we will have to build it with the app.

Why not use the Paystack live public key `pk_live_524224fb10a9719320dfa3acd4d3f741a16142cd` for Flutter?

Because when the .apk is generated, an attacker can just grep the string in the binary and boom, the key is exposed.
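
The following is an added example, not part of the issue or of the project's code: a release-gate check that opens a built APK and fails when a secret-key-shaped string is present in any entry, while leaving `pk_` public keys alone. The key pattern is inferred from the two keys quoted above, and the entry names and sample archive are constructed for illustration.

```python
import io
import re
import sys
import zipfile

# Pattern inferred from the key shapes quoted in the issue (prefix + 40 hex
# characters); an assumption, not Paystack's documented format.
SECRET_KEY_RE = re.compile(rb"sk_(?:live|test)_[0-9a-f]{40}")


def redact(key: bytes) -> str:
    """Keep the prefix and last four characters so CI logs do not leak the key."""
    text = key.decode("ascii")
    return f"{text[:8]}...{text[-4:]}"


def scan_apk(apk) -> list:
    """Return (entry name, redacted key) for each secret key inside the archive."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            # Decompress each entry: a key in a deflated libapp.so or asset
            # is not visible to a byte search over the raw .apk file.
            data = zf.read(info)
            for key in sorted(set(SECRET_KEY_RE.findall(data))):
                findings.append((info.filename, redact(key)))
    return findings


def build_sample_apk() -> io.BytesIO:
    """Constructed stand-in for an APK: a zip with a fake native lib and asset."""
    fake_secret = b"sk_live_" + b"0123456789abcdef0123456789abcdef01234567"
    fake_public = b"pk_live_" + b"f" * 40  # public key, must not be flagged
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("lib/arm64-v8a/libapp.so", b"\x7fELF\x00" + fake_secret + b"\x00")
        zf.writestr("assets/flutter_assets/.env", b"KEY=" + fake_public + b"\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_apk()
    hits = scan_apk(target)
    for name, key in hits:
        print(f"secret key {key} found in {name}")
    sys.exit(1 if hits else 0)
```

Run with the path to a release APK as the only argument; a non-zero exit status means a secret key was bundled into the build and should be rotated and moved server-side.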
