Securely storing an API key in an Android (Flutter) app

Updated: 2023-02-16 08:03:29

If you think the API key must not be compromised, then you should not put it inside the app. You can use the following possible solutions:

  1. You can keep your keys on a server and route all requests needing that key through your server. So as long as your server is secure, so is your key. Of course, there is a performance cost with this solution. You can use SSL pinning to authenticate the response. Check this
  2. You can get the signature key of your app programmatically and send it to the server in every API call to verify the request. But a hacker can somehow find out the strategy.
  3. Google does not recommend storing API keys in Remote Config, but you can keep one token there and use it to verify the request and send the API key. Check this
  4. In the case of an Android app, you can use the SafetyNet API by Google to verify the authenticity of the app, and the server can generate a token for the user after verification of the SafetyNet response. The token can be further used to verify the request. There is one plugin available for Flutter for the SafetyNet API.

You can use a combination of the above approaches to ensure the security of the API key. To answer your questions, Firebase Remote Config uses an SSL connection to transfer the data; it is very secure, but you should not rely on it completely for your data security. You also can't share API keys using APIs that are publicly accessible. Moreover, storing both the encrypted key and the data inside the app won't make it secure.
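The following is an added example, not code from the answer above or from any Flutter or Google library, showing the server side of approaches 1 and 4 together: the third-party API key lives only on the server, the server issues a short-lived HMAC-signed token once the app has passed attestation, and every later request from the app carries that token and is forwarded by the server rather than calling the third-party API directly. The upstream API, the `/v1/weather` and `/v1/forecast` paths, the `attestation_ok` flag (standing in for the result of verifying the SafetyNet response, which is assumed to happen elsewhere) and the key values are all constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Server-side secrets (constructed sample values). In a real deployment they
# come from the server's environment or a secret manager and are never part
# of the app bundle, so a decompiled APK reveals nothing.
THIRD_PARTY_API_KEY = "example-upstream-key-NOT-REAL"
TOKEN_SIGNING_KEY = secrets.token_bytes(32)

TOKEN_TTL_SECONDS = 300  # short-lived tokens limit the damage if one leaks


def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 over the token payload with the server-only signing key."""
    return hmac.new(TOKEN_SIGNING_KEY, payload, hashlib.sha256).digest()


def issue_token(user_id: str, attestation_ok: bool, now: Optional[float] = None) -> Optional[str]:
    """Issue a token only after the app passed attestation (approach 4).

    `attestation_ok` is a hypothetical stand-in for the outcome of verifying
    the SafetyNet response on the server.
    """
    if not attestation_ok:
        return None
    now = time.time() if now is None else now
    expiry = int(now) + TOKEN_TTL_SECONDS
    nonce = secrets.token_hex(8)  # makes every token unique
    payload = f"{user_id}|{expiry}|{nonce}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).hex()


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is genuine and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_hex = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = bytes.fromhex(sig_hex)
        user_id, expiry_str, _nonce = payload.decode().split("|")
        expiry = int(expiry_str)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
    # Constant-time comparison so signature bytes do not leak via timing.
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    if now >= expiry:
        return None
    return user_id


def call_upstream(path: str, api_key: str) -> dict:
    """Stand-in for the real HTTPS call to the third-party API (constructed)."""
    if api_key != THIRD_PARTY_API_KEY:
        return {"status": "unauthorized"}
    return {"status": "ok", "path": path}


def proxy_request(token: str, path: str, now: Optional[float] = None) -> Tuple[int, dict]:
    """Endpoint the Flutter app calls instead of the third-party API (approach 1)."""
    user_id = verify_token(token, now)
    if user_id is None:
        return 401, {"error": "invalid or expired token"}
    # Only forward the operations the app actually needs; the key must not
    # become a general-purpose pass-through for the upstream service.
    allowed = ("/v1/weather", "/v1/forecast")
    if path not in allowed:
        return 403, {"error": "path not allowed"}
    upstream = call_upstream(path, THIRD_PARTY_API_KEY)
    # The upstream key is never echoed back to the client.
    return 200, {"user": user_id, "data": upstream}
```

The app stores only the token, so a leaked token is worth at most `TOKEN_TTL_SECONDS` of proxied calls on an allow-listed path, whereas a leaked API key would be worth everything the key can do until it is rotated. Rejecting a token on any parse error and comparing signatures with `hmac.compare_digest` are the two checks most often missed in hand-rolled token code.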