How to hide firebaseConfig information in client side

Question

I'm setting authentication functionality by firebase.
It's working fine in my local docker environment.
But its firebaseConfig is located in client side.
I want to hide firebaseConfig information as environment variables.

Here is the stack.

・client: react/axios
・api: golang/gin
・web server: nginx
・db: mysql
・container: docker
・ci-tool: travis
・deploy: aws elastic beanstalk

Here is the repository structure

article
  ├ client
  ├   └ src
  │      └ firebase.ts
  ├ api
  ├ nginx
  └ docker-compose.yml

I set process.env in firebaseConfig.

//firebase.ts
import * as firebase from 'firebase';
import 'firebase/auth';

const firebaseConfig = {
  apiKey: process.env.REACT_APP_FIREBASE_API_KEY,
  authDomain: process.env.REACT_APP_FIREBASE_AUTH_DOMAIN,
  databaseURL: process.env.REACT_APP_FIREBASE_DATABASE_URL,
  projectId: process.env.REACT_APP_FIREBASE_PROJECT_ID,
  storageBucket: '',
  messagingSenderId: process.env.REACT_APP_FIREBASE_MESSAGING_SENDER_ID,
  appId: process.env.REACT_APP_FIREBASE_APP_ID,
};

firebase.initializeApp(firebaseConfig);

export default firebase;

This works fine in local environment.
But in production environment(elastic beanstalk), I have no idea to set these environment variables because they are in client side.

Entire source code is here:
https://github.com/jpskgc/article
Production URL is here:
http://multidocker-env.vwnrixavuv.ap-northeast-1.elasticbeanstalk.com/

I expect firebase authentication works in production environment(elastic beanstalk).
But the actual does not.

Zr {code: "auth/invalid-api-key", message: "Your API key is invalid, please check you have copied it correctly."}
code: "auth/invalid-api-key"
message: "Your API key is invalid, please check you have copied it correctly."
__proto__: Error

****UPDATE****
I set environemt variables in docker-compose.yml and elastic beanstalk.
but still same error occurs.

//docker-compose.yml
  client:
    build:
      dockerfile: Dockerfile.dev
      context: ./client
    volumes:
      - /app/node_modules
      - ./client:/app
    environment:
      - REACT_APP_FIREBASE_API_KEY=${REACT_APP_FIREBASE_API_KEY}
      - REACT_APP_FIREBASE_AUTH_DOMAIN=${REACT_APP_FIREBASE_AUTH_DOMAIN}
      - REACT_APP_FIREBASE_DATABASE_URL=${REACT_APP_FIREBASE_DATABASE_URL}
      - REACT_APP_FIREBASE_PROJECT_ID=${REACT_APP_FIREBASE_PROJECT_ID}
      - REACT_APP_FIREBASE_MESSAGING_SENDER_ID=${REACT_APP_FIREBASE_MESSAGING_SENDER_ID}
      - REACT_APP_FIREBASE_APP_ID=${REACT_APP_FIREBASE_APP_ID}

here is the elastic beanstalk environment variables setting:
https://i.stack.imgur.com/m8HRx.jpg

Answer 1

There is no prolbem to expose firebaseConfig.
I take a look at flowing article.
So issue is resolved.

Is it safe to expose Firebase apiKey to the public?