Menu
I currently have a React app using Firebase authentication & uses Firestore as the database.
I currently have the app deployed using Amazon's Amplify service. My Firebase API keys, including the database URL and firebase app Id are all added as environment variables in the AWS console.
When I inspect the public bundle, I can see that all the API keys are public.
My questions are:
892
Be sure your Firebase project is still selected. Click Create credentials > API key. Take note of the new API key, then click Restrict key. In the API restrictions section, select Restrict key, then add to the list only the Super Service API .
Integrating Firebase into our React appEnter firebase-user-auth as the name of the web app. After that, click on the Register app button, which takes us to the next step where our firebaseConfig object is provided. Copy the config to the clipboard as we will need it later on to initialize Firebase.
Your API keys, database URL, app id etc are meant to be public.
According to the firebase docs:
The content is considered public, including your platform-specific ID (entered in the Firebase console setup workflow) and values that are specific to your Firebase project, like your API Key, Realtime Database URL, and Storage bucket name. Given this, use security rules to protect your data and files in Realtime Database, Cloud Firestore, and Cloud Storage.
The way you're meant to make your connection to firebase secure is to use security rules. You can add custom rules to make sure your DB is secure.
For example: You can make sure only userId 12345 has rights to create, read, update and delete records for userId12345.
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
