Setup - Add SHA Keys (Android & Web)

🔑 What are SHA Keys?

SHA (Secure Hash Algorithm) keys are cryptographic fingerprints that uniquely identify your app's signing certificate. They're essential for Firebase services like Google Sign-In, OAuth, and app verification.

Step 7: Add SHA-1 and SHA-256 Keys

For Android apps to work seamlessly with Firebase (especially for authentication and security), you need to generate and add SHA-1 and SHA-256 keys to the Firebase Console.

⚠️ Important: You need to add SHA keys for both debug and release builds. Debug keys are used during development, while release keys are needed for production apps.

Method 1: Using Terminal or Command Prompt

Open a terminal and run the appropriate command for your operating system:

                    keytool -list -v -keystore %USERPROFILE%\.android\debug.keystore -alias androiddebugkey -storepass android
                

                    keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android
                

Copy the generated SHA-1 and SHA-256 keys and add them to the Firebase Console under:

Project Settings > Your App > SHA Certificate Fingerprints.

Method 2: Using Android Studio

Open your Flutter project in Android Studio.
Go to the bottom panel in Android Studio and select the Terminal tab.

Navigate to the Android Folder

cd android

Run the Gradle Signing Report Command

Run the following command:

./gradlew signingReport

Check the Output

Once executed, you will see an output similar to this:

                Task :app:signingReport
                Variant: debug
                Config: debug
                Store: /Users/<username>/.android/debug.keystore
                Alias: AndroidDebugKey
                SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
                SHA256: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
            

Method 3: Using Flutter CLI

You can also generate SHA keys directly from your Flutter project root:

flutter build apk --debug

This will show the signing information including SHA keys in the build output.

Adding Keys to Firebase Console

Go to Firebase Console
Select your project
Click the gear icon (⚙️) next to "Project Overview"
Select "Project settings"
Scroll down to "Your apps" section
Click on your Android app
Scroll to "SHA certificate fingerprints"
Click "Add fingerprint" and paste your SHA-1 or SHA-256 key

Why is this Required?

Adding SHA-1 and SHA-256 keys is essential for:

Firebase Authentication: Google Sign-In, OAuth, and other authentication methods
App Security: API requests validation and app integrity verification
Firebase Services: Proper communication between Firebase and your Android app
Google Services: Maps, Analytics, and other Google APIs

Common Issues & Solutions

❌ "SHA key not found" Error

Solution: Ensure you're using the correct keystore path and alias. For debug builds, the default alias is always "androiddebugkey".

❌ "Invalid SHA format" Error

Solution: Copy the SHA key exactly as shown, including all colons (:). Don't add or remove any characters.

❌ Google Sign-In Not Working

Solution: Verify that both SHA-1 and SHA-256 keys are added to Firebase Console. Some services require both.

❌ Release Build Issues

Solution: Generate SHA keys from your release keystore, not the debug keystore. Use the same process but with your release keystore file.

💡 Pro Tip: Keep a record of all your SHA keys (debug and release) in a secure location. You'll need them when setting up Firebase for new projects or when team members need access.