0

I am using firebase for a Vue app and it's being used as follows:

var firebaseConfig = {
    apiKey: "",
    authDomain: "",
    databaseURL: "",
    projectId: "",
    storageBucket: "",
    appId: "",
    measurementId: "
 };

Obviously, the fields is filled in within my app but I don't want to commit this to my github repo. What is the best way to handle this?

morganOril
  • 15
  • 4
  • Make those string in a file as environment variable, and put the file where you setup environment variable in git ignore so it's not push to git – Crocsx Dec 28 '19 at 06:49

1 Answers1

3

The best way to handle this scenario is to use an env file.

This file will be used locally and in your production build, but will be ignored whenever you upload to Github (make sure to add it to the .gitignore file).

Furthermore, it is important to know, that specifically for the config for Firebase, the data sits on the client and it will be hard for you to prevent someone from accessing it.

According to this SO question, this is not an issue and the API key and other data from the config do not present a security threat. It is important to create restrictive rules in your Firebase products (storage, DB).

tomerpacific
  • 4,704
  • 13
  • 34
  • 52
  • 1
    thanks for the answer and thanks for bringing that up -- I was actually curious as to how safe it would be to have the client have this data but good to know someone asked this already ...I will definitely check that question you posted. Thanks so much! – morganOril Dec 28 '19 at 06:26