Are Firebase keys inside a .env file on the frontend considered secure?

The issue here is that most, and I mean most, of the tutorials out there tell you it is good practice to put all your keys inside a .env file (frontend), but in the real world could this compromise my database? I mean, why would those tutorials do this if this practice could jeopardize your app? The big question is why there is a React .env on the front end to begin with if it is not secure?
-
That file lives on the server and is never exposed to the client, so the DB credentials would be as safe as the server hosting the program. Of course, as long as you never send it anywhere. Another backend would just move the very same problem one step further. – Alejandro Mar 02 '22 at 21:26
-
I am talking about the front end React env, not the backend. – Richardson Mar 02 '22 at 21:28
-
It depends on how you've implemented the frontend; often there is a small Node server which serves static HTML/JS/CSS with the bunch of React code, and this server reads the .env. But if you just deploy all your compiled files to a normal web server like Apache, then that file wouldn't even appear there. The basis of my comment remains: it's reasonably safe as long as the file is **never** sent anywhere. – Alejandro Mar 02 '22 at 21:32
-
So this means there is a mini backend with React that stores this env file, thus making it secure? Therefore the file is never getting compiled and ejected into the front end (client side), exposing those important keys?? – Richardson Mar 02 '22 at 21:32
-
`this mean there is a mini backend` I guess so, but only you can know for sure. Look or post the relevant code for confirmation. – Alejandro Mar 02 '22 at 21:35
-
There is no code, it's the env file in the root!! My Firebase is frontend and it is taking its keys from the .env in root! That is the question: is this approach secure? :) – Richardson Mar 02 '22 at 21:37
-
@Richardson, does this [thread](https://stackoverflow.com/a/37484053/16895640) answer your question? – Marc Anthony B Mar 03 '22 at 02:45
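
The thread's open question, whether the values from `.env` end up in the files sent to the browser, can be checked directly against the build output. The following is an added example, not code from the post or from any commenter; the variable names, placeholder values and file contents are constructed, and it takes the built files as strings rather than reading a build directory.

```javascript
// Added example: do values from a .env file appear verbatim in built frontend output?

// Parse KEY=VALUE lines; skips blanks and comments, strips "export " and quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = value.match(/^(['"])(.*)\1$/);
    if (quoted) value = quoted[2];
    else value = value.replace(/\s+#.*$/, ''); // drop trailing comment on unquoted values
    vars[m[1]] = value;
  }
  return vars;
}

// Return the variables whose value occurs in any built file, with the files that hold it.
// Values shorter than minLen are ignored to avoid matching "true", "3000", etc.
function findLeakedVars(envText, builtFiles, minLen = 8) {
  const leaked = [];
  for (const [name, value] of Object.entries(parseEnv(envText))) {
    if (value.length < minLen) continue;
    const hits = Object.keys(builtFiles).filter((f) => builtFiles[f].includes(value));
    if (hits.length) leaked.push({ name, files: hits });
  }
  return leaked;
}

// Constructed sample input (placeholder values, not real keys).
const sampleEnv = [
  '# constructed example',
  'REACT_APP_FIREBASE_API_KEY="EXAMPLE-placeholder-api-key-0001"',
  'REACT_APP_FIREBASE_PROJECT_ID=example-project-id',
  'ADMIN_DB_PASSWORD=example-server-only-secret  # not referenced by client code',
  'PORT=3000',
].join('\n');

const sampleBuild = {
  'static/js/main.js':
    'const cfg={apiKey:"EXAMPLE-placeholder-api-key-0001",projectId:"example-project-id"};',
  'index.html': '<div id="root"></div><script src="static/js/main.js"></script>',
};

const report = findLeakedVars(sampleEnv, sampleBuild);
for (const r of report) console.log(`${r.name} is present in: ${r.files.join(', ')}`);
```

Any variable this reports is readable by anyone who loads the page, so it has to be treated as public configuration rather than as a secret.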