How to initialize firestore without exposing the config?

Question

Am wondering if there's a way to not expose the apiKey, authDomain and projectId when using the JavaScript SDK based on the examples here: https://firebase.google.com/docs/firestore/quickstart#initialize

// Initialize Cloud Firestore through Firebase
firebase.initializeApp({
  apiKey: '### FIREBASE API KEY ###',
  authDomain: '### FIREBASE AUTH DOMAIN ###',
  projectId: '### CLOUD FIRESTORE PROJECT ID ###'
});

var db = firebase.firestore();

Would other people be able to initialize firestore with my configs if they're exposed?

score 0 · Accepted Answer · answered May 20 '21 at 20:31

0

There is no security risk if someone can get that data from your project. They can't do anything with them to harm you and your App. Anyone who wants to connect to your project would need that information. There is a great answer to that from Puf.

With App Check you can limit access to your Firebase project only from sourced linked to it like Android, iOS and Web Apps.

answered May 20 '21 at 20:31

Tarik Huber

7,061
2
12
18

Got it. Its easier to understand when I think of those information as client side. – hackerl33t May 21 '21 at 16:45

How to initialize firestore without exposing the config?

1 Answers1