1

I'm very new to Firebase and security, so I'm not 100% about how secure Firebase is...

For instance, I have a database that stores user information. Can I assume this is secure..? Very secure?

I noticed an excerpt on the Firebase Docs:

By default, Google Cloud Storage manages server-side encryption keys on your behalf using the same hardened key management systems that we use for our own encrypted data, including strict key access controls and auditing. Cloud Storage encrypts user data at rest using AES-256, and each encryption key is itself encrypted with a regularly rotated set of master keys. There is no setup or configuration required, no need to modify the way you access the service, and no visible performance impact. Data is automatically and transparently decrypted when read by an authorized user.

I'm not sure if the Google Cloud Storage is on the same guidelines as the real time firebase database..

Would anyone have insight into this? How secure can I tell my users this is?

Any feedback would be great! Thanks.

Simon
  • 2,498
  • 3
  • 34
  • 77
  • I don't find anything in the documentation indicating the Realtime Database is encrypted. [This Firebase-Talk posting](https://groups.google.com/forum/#!topic/firebase-talk/kYSu0uFVHEY) contains a link describing one user's method for encrypting. The post contains a reply from Ian Barber. He is a Firebase team member. – Bob Snyder Sep 16 '17 at 15:08
  • You can get an authoritative answer to your question by contacting [Firebase Support](https://firebase.google.com/support/contact/troubleshooting/). – Bob Snyder Sep 16 '17 at 18:25
  • @Jane Doe Have you found the answer to your question? – ba_ul May 03 '18 at 00:40
  • @ba_ul unfortunately not :/ – Simon May 03 '18 at 02:10

2 Answers2

2

Firebase realtime database data is encrypted in transit, and it is stored on encrypted disks on the servers.

asierta
  • 307
  • 4
  • 16
2

Here is an authoritative remark issued within Firebase's privacy statement "Privacy and Security in Firebase":

Firebase services encrypt data in transit using HTTPS and logically isolate customer data. In addition, several Firebase services also encrypt their data at rest:

Cloud Firestore, Cloud Functions for Firebase, Cloud Storage for Firebase, Firebase Crashlytics, Firebase Authentication, Firebase Cloud Messaging, Firebase Realtime Database, Firebase Test Lab (section Security information / Data encryption

This statement includes Firebase Realtime Database

Felix K.
  • 14,171
  • 9
  • 58
  • 72