Is it safe to keep the Firebase config file (with the API key) when deploying my mobile app (front-end React Native) to the Google Play Store and App Store?
How can I make it safer?
As Doug commented, the google-services.json (or google-services.plist file for iOS) does not contain any secret credentials. It merely contains the configuration data that your app needs to find its Firebase project on the servers. So sharing it with other developers on your app is not only safe, it's required for them to build an app that communicates with the same Firebase project.
You may want to consider keeping it out of version control though, and instead only deploy it onto your build server. The reason for this is not as much that that data is secret, but more that each developer should typically set up their own Firebase project for their development work. That way they won't be stepping onto each other's toes during feature development work.
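A pre-bundle check for the distinction the answer draws, as an added example that is not part of the original answer: it confirms that a JSON file headed for the app package is client configuration and carries no credential fields. It goes one step beyond the answer by contrasting the client config with a service-account key file; the field names are assumptions based on the usual layout of those two files, and every sample value is constructed.

```javascript
// Added example: classify a JSON file before it is bundled into the app.
// Field names follow the usual layout of google-services.json and of a
// service-account key file (assumption); all sample values are constructed.

const SECRET_KEYS = new Set(["private_key", "private_key_id", "client_secret"]);

// Recursively collect dotted paths of fields that look like credentials.
function findSecretFields(node, path = "") {
  if (node === null || typeof node !== "object") {
    const pem = typeof node === "string" && /-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(node);
    return pem ? [path] : [];
  }
  const hits = [];
  for (const [key, value] of Object.entries(node)) {
    const child = path ? `${path}.${key}` : key;
    if (SECRET_KEYS.has(key)) hits.push(child);
    else hits.push(...findSecretFields(value, child));
  }
  return hits;
}

function classifyFirebaseFile(text) {
  const json = JSON.parse(text);
  const secrets = findSecretFields(json);
  let kind = "unknown";
  if (json.type === "service_account") kind = "service-account-key";
  else if (json.project_info && Array.isArray(json.client)) kind = "client-config";
  return { kind, secrets, safeToShip: kind === "client-config" && secrets.length === 0 };
}

// Constructed sample: client configuration (project identifiers only).
const clientConfig = JSON.stringify({
  project_info: { project_number: "000000000000", project_id: "example-project" },
  client: [{
    client_info: { mobilesdk_app_id: "1:000000000000:android:0000000000000000" },
    api_key: [{ current_key: "EXAMPLE_API_KEY_PLACEHOLDER" }],
  }],
});

// Constructed sample: server-side credential that must never be bundled.
const serviceAccount = JSON.stringify({
  type: "service_account",
  project_id: "example-project",
  private_key: "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
  client_email: "placeholder@example-project.iam.gserviceaccount.com",
});

console.log(classifyFirebaseFile(clientConfig));
console.log(classifyFirebaseFile(serviceAccount));
```

Run against the real file in a build step, a result other than `safeToShip: true` means the wrong JSON file is about to be packaged.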