You keep the secrets somewhere so that it will be called when needed... only to encrypt it and store its secret on the client side.
Source
You're making a point for necessity for decompiling, not security-wise.
Na u head strong head, EAS secrets no de client side..go read about u no gree...u say make I send u app, when reading will take less time
Na software devs de do that one, not software engineers
I not sure I understand you. if you fetch an encrypted secret from secret manager, how do you decrypt it?
if you want security, don't put sensitive secrets on the client. every other thing na bullshit
the only useful thing env does on client is seperate environments
I will give you an exple. if you want to show card details on a client while fetching the information from the server how will it work?
It doesn't count on what we are talking about because card details must be seen by the client.
And moreover, a user doesn't have to intercept as long as it has credentials that authorise him to access the information.
The only problem here is a man in the middle, and you need to embed a certificate into the app and implement a certificate spinning.