DEV Community

How to keep your Firebase project safe and secure from everyone

Pranav Karawale on December 18, 2020

After doing a couple of open source Firebase projects (web apps, I mean), I feel like I'm experienced* enough to write this post. So if I say somet...
Collapse
 
patarapolw profile image
Pacharapol Withayasakpunt • Edited

Even if you don't use Firebase hosting, the config object is still there (in the frontend / client-side/ web browser), just obfuscated.

Collapse
 
retronav profile image
Pranav Karawale

Yes, and unfortunately developers add unnecessary abstractions to hide, which is sad. I hope this article will help them.

Collapse
 
retronav profile image
Pranav Karawale

Hi Sarvesh,
Assuming you're using environment variables in CI jobs, it is perfectly abstracted from the public. You need not worry getting them leaked. Its perfectly fine to store it in environment variables.

 
retronav profile image
Pranav Karawale

Hi Sarvesh,
You should try configuring your environment variables like mentioned in the docs (link)
You should also set those environment variables in Vercel (link)
After these steps and double-checking, it will work

Collapse
 
kevinmmansour profile image
Kevin M. Mansour

Hello

I am working in HTML and Firebase Project

Is it good to add firebase config in index.html (as People can see it ) or add it in JS file

Thanks

Collapse
 
retronav profile image
Pranav Karawale

Hello Kevin!
Its okay to add it in the HTML files. But since you'll be having JS files, my opinion would be to add it in the JS files.
Enjoy!

 
retronav profile image
Pranav Karawale

You're welcome :)

Collapse
 
retronav profile image
Pranav Karawale

Hi Sarvesh,
Are you using Next.js or some other framework for your app? It'll be helpful if you tell that.

Collapse
 
akp111 profile image
Ashis Kumar Pradhan

I am using the firebase config in an extension I am working on. I am not able to store in .env file. I am using the config to generate device ID. Do you think someone can Ddos the extension?