This question is about how to secure API keys. Not sure if this is in the same category as Key management for Cryptography and should follow the same rules. See details below.
We currently have hybrid Mobile Apps. The apps are made using Angular and Ionic. Now, we have some functions where we would need to use some of Google’s APIs in order to implement the functions we want. No problem there.
The issue is how to securely store the API keys that we pass to Google APIs? It would seem not a good practice to hardcode it in the UI codes. Can anyone help us here and suggest a way to securely store the API keys? We already have thought of retrieving it from the back end but it would still expose it after we retrieve it from back end and pass to Google.