I'm beginning to build an Angular 2 app with Firebase, hosted with Firebase, and I need to store my credentials.
When the app is running in production will it be safe to store my database credentials in my app.module.ts file?
Asked
Active
Viewed 88 times
1
-
2Only if you want to make it publicly available. – Günter Zöchbauer Oct 05 '16 at 05:12
-
If I need to use an api key to call the database, where do I store that? – Paul G Oct 05 '16 at 05:13
-
*12 factor apps* store credentials in the environment. – PA. Oct 05 '16 at 05:15
-
1You can store the API key in the source code. The API key should be limited to a specific referrer (in the API console) so it can only be used when the application is loaded from where you deploy it. http://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public – Günter Zöchbauer Oct 05 '16 at 05:17
-
@Paul: as the answer Gunter linked says, the important thing to realize is that your API (like the other config parameters) are **not** credentials. They are just identifiers that the app needs to find its project on the Firebase servers. – Frank van Puffelen Oct 05 '16 at 13:35