Best practice for storing and protecting private API keys in applications [closed]

Answer 1

Adding to @Manohar Reddy solution, firebase Database or firebase RemoteConfig (with Null default value) can be used:

1. Cipher your keys
2. Store it in firebase database
3. Get it during App startup or whenever required
4. decipher keys and use it

What is different in this solution?

• no credintials for firebase
• firebase access is protected so only app with signed certificate have privilege to make API calls
• ciphering/deciphering to prevent middle man interception. However calls already https to firebase