Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to source control Firestore database security rules and update them automatically

Is it prudent to save Firestore security rules in the source control of the code (Github)?

In addition what is the best way to deploy the security rules automatically when cloning the repository and installing the application for the first time (For an Open Source project purposes)? In my case it is an Android app built with Gradle in Android Studio.

like image 382
CaptainNemo Avatar asked Dec 27 '17 18:12

CaptainNemo


People also ask

How do you update firestore security rules?

Edit and update your rulesOpen the Firebase console and select your project. Then, select Realtime Database, Cloud Firestore or Storage from the product navigation, then click Rules to navigate to the Rules editor.

How do you update Firebase realtime rules?

These rules are hosted on Firebase servers and are applied automatically at all times and you can change the rules of your database in Firebase console. You just have to select your project, click on the Database section on the left and select the Rules tab.


1 Answers

The Firebase security rules may be considered slightly more sensitive than other source code found in your source code repository. That being said, it is ok to store them alongside the rest of the source for your application. If you have chosen to host your application's source code in a public repository, then you already have a certain comfort level with exposing the inner workings of your application.

An argument can be made that exposing how your Firebase resources are secured could help bad actors in finding loopholes and exploiting your application but the same can be said of the rest of your application's source code.

While there are advantages to store your security rules in your source repository (i.e. version control), you may want to consider configuring rules in the Firebase console. This will not work if you intend on setting up a continuous integration and deployment process.

You could also consider storing your security rules in a separate private repository and leverage the Firebase CLI to automate deployment from that private repository, for example:

cd ../my-project-security-rules
firebase --project my-project deploy --only firestore:rules

Your my-project-security-rules repository would need to include a slimmed down version of your firebase.json configuration file, for example:

{
  "firestore": {
    "rules": "firestore.rules",
    "indexes": "firestore.indexes.json"
  }
}

See https://firebase.google.com/docs/cli/#partial_deploys for more information about partial deploys via the Firebase CLI

like image 156
Brian De Sousa Avatar answered Oct 20 '22 01:10

Brian De Sousa