voo_env 0.2.0

[DEPRECATED] Use voo_config for configuration and voo_secrets for secure secrets. This package used XOR obfuscation which provides false security.

VooEnv (DEPRECATED)

This package is deprecated. Please migrate to:

• voo_config - For non-sensitive configuration (URLs, feature flags)
• voo_secrets - For secure secrets (API keys, credentials)

Why Deprecated?

The XOR obfuscation in voo_env provided false security. Any value embedded in an app binary can be extracted, regardless of obfuscation or encryption, because the decryption key must also be in the binary.

Migration Guide

For Configuration (Non-Sensitive)

Replace voo_env with voo_config:

# Before
dependencies:
  voo_env: ^0.1.0
dev_dependencies:
  voo_env_generator: ^0.1.0

# After
dependencies:
  voo_config: ^1.0.0
dev_dependencies:
  voo_config_generator: ^1.0.0

Update annotations:

// Before
@VooEnv(obfuscate: true)
abstract class Env {
  @EnvField()
  static final String baseUrl = _Env.baseUrl;
}

// After
@VooConfig()
abstract class Config {
  @ConfigField()
  static const String baseUrl = _Config.baseUrl;
}

For Secrets (Sensitive)

Use voo_secrets to fetch secrets from your backend at runtime:

// Initialize
await VooSecrets.initialize(
  config: SecretsConfig(
    endpoint: 'https://your-backend.com/api/secrets',
    tokenProvider: () async => authService.getAccessToken(),
  ),
);

// Fetch after login
await VooSecrets.instance.fetchSecrets();

// Access
final apiKey = VooSecrets.instance.get<String>('api_key');

// Clear on logout
await VooSecrets.instance.clear();

Security Comparison

Aspect	voo_env (Deprecated)	voo_config	voo_secrets
Values in binary	Yes (obfuscated)	Yes (plain)	Never
Extractable	Yes	Yes	No
Use for secrets	Never	Never	Yes
Use for config	Yes	Yes	No

---

Built by VooStack

Contact Us