How do I handle my Firebase API key in a production application?

I have the following component:

<firebase-app
  id="firebase"
  auth-domain="<domain>"
  database-url="<url>"
  api-key="<api_key>">
</firebase-app>

I'm using the Polymer Starter Kit with Firebase hosting. Is there somewhere to designate my API key as an environment variable and pass the variable to the application when I start the app?

I use polymer build to build my app, then firebase deploy to push my app to Firebase.

Nic Stelter
  • Here's some [Firebase documentation on environment variables](https://firebase.google.com/docs/functions/config-env). I'm not sure how to use them with the Polymer Firebase elements though...we might just have to access them using the regular JavaScript Firebase API. – intcreator Jun 09 '17 at 05:33
  • You can expose the API key publicly. But when your app goes to production, at https://console.developers.google.com/apis/credentials select the browser-based key associated with your Firebase project and then set the HTTP referrers (web sites). This way, if anyone tries to mismatch your API key, they aren't allowed to do that, because it is tied to the domain you mention in the HTTP referrers, right? – Raja Simon Aug 29 '17 at 14:27
  • @RajaSimon that sounds good but in practice it kills you because then you can't access your own database when you're developing the site. – intcreator Oct 06 '17 at 22:51
  • I don't think so, because in development we usually use localhost and Firebase kinda allows that... – Raja Simon Oct 07 '17 at 13:23