0

Almost every tutorial is creating a firebase.js file where they store the api key, url etc. to access the real time database for example.

When opening the app in the browser tho this data is also readable for everyone. How do i do this securely? I tried a .env file with process.env.MY_VAR - but this did not work, Neither on build or local run.

Isengo
  • 2,004
  • 3
  • 21
  • 43
  • The Firebase API keys are meant to be public and it's not an issue. Even if you use env variables, they are still present in the build. Checkout [this answer](https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public). – Dharmaraj Jun 19 '22 at 13:07
  • Have a look at the "legendary" answer to the question marked as a duplicate of your question which explains that there is no problem to expose the apiKey to the public. – Renaud Tarnec Jun 19 '22 at 13:08

0 Answers0