VooEnv (DEPRECATED)

This package is deprecated. Please migrate to:

  • voo_config - For non-sensitive configuration (URLs, feature flags)
  • voo_secrets - For secure secrets (API keys, credentials)

Why Deprecated?

The XOR obfuscation in voo_env provided false security. Any value embedded in an app binary can be extracted, regardless of obfuscation or encryption, because the decryption key must also be in the binary.

Migration Guide

For Configuration (Non-Sensitive)

Replace voo_env with voo_config:

# Before
dependencies:
  voo_env: ^0.1.0
dev_dependencies:
  voo_env_generator: ^0.1.0

# After
dependencies:
  voo_config: ^1.0.0
dev_dependencies:
  voo_config_generator: ^1.0.0

Update annotations:

// Before
@VooEnv(obfuscate: true)
abstract class Env {
  @EnvField()
  static final String baseUrl = _Env.baseUrl;
}

// After
@VooConfig()
abstract class Config {
  @ConfigField()
  static const String baseUrl = _Config.baseUrl;
}

For Secrets (Sensitive)

Use voo_secrets to fetch secrets from your backend at runtime:

// Initialize
await VooSecrets.initialize(
  config: SecretsConfig(
    endpoint: 'https://your-backend.com/api/secrets',
    tokenProvider: () async => authService.getAccessToken(),
  ),
);

// Fetch after login
await VooSecrets.instance.fetchSecrets();

// Access
final apiKey = VooSecrets.instance.get<String>('api_key');

// Clear on logout
await VooSecrets.instance.clear();

Security Comparison

Aspect voo_env (Deprecated) voo_config voo_secrets
Values in binary Yes (obfuscated) Yes (plain) Never
Extractable Yes Yes No
Use for secrets Never Never Yes
Use for config Yes Yes No

Built by VooStack

Contact Us

Libraries

voo_env
Secure build-time environment variable handling for Flutter.