Im quite a beginner so if this is obvious please bear with me. I have done some research but nothing i could find for my specific question. I'm done creating my website using html/css/js and its ready for deployment. I’m using firebase as a backend to store some data. I have a firebase config function in one of my js files which contains my API key. I have seen some guides on using .env file but they all say its for source control. My question is: If i deploy my site as it is, is my API visible to the public? And if so, what are the best practices to follow to ensure my secret keys remain secret?
Asked
Active
Viewed 87 times
1 Answers
0
That depend if your keys are stored in the backend then you don't need to worry about them, specially if they are stored as part of the environment variables (only visible to you) but if you need to use that key to make API calls from within your frontend my best advice is for you to store them in memory (inside a variable possible global).
bmaggi
- 2,908
- 1
- 19
- 16
-
No i don't have a backend connected i’m only using firebase to make api calls from my frontend. Can you be a bit specific on how i should go about doing that? – abdi Jun 12 '20 at 18:41
-
If you insert your scripts in your HTML via CDN use this format: https://firebase.google.com/docs/web/setup#expandable-8 and get your config options as described here: https://support.google.com/firebase/answer/7015592 – bmaggi Jun 17 '20 at 02:57