How to initialize firestore without exposing the config?

228 Views Asked by hackerl33t At 12 April 2025 at 07:20

Am wondering if there's a way to not expose the apiKey, authDomain and projectId when using the JavaScript SDK based on the examples here: https://firebase.google.com/docs/firestore/quickstart#initialize

// Initialize Cloud Firestore through Firebase
firebase.initializeApp({
  apiKey: '### FIREBASE API KEY ###',
  authDomain: '### FIREBASE AUTH DOMAIN ###',
  projectId: '### CLOUD FIRESTORE PROJECT ID ###'
});

var db = firebase.firestore();

Would other people be able to initialize firestore with my configs if they're exposed?

Original Q&A

There are 1 best solutions below

Tarik Huber On 20 May 2021 at 20:31 BEST ANSWER

There is no security risk if someone can get that data from your project. They can't do anything with them to harm you and your App. Anyone who wants to connect to your project would need that information. There is a great answer to that from Puf.

With App Check you can limit access to your Firebase project only from sourced linked to it like Android, iOS and Web Apps.

How to initialize firestore without exposing the config?

There are 1 best solutions below

Related Questions in FIREBASE-SECURITY

Related Questions in JAVASCRIPT-SECURITY

Trending Questions

Popular # Hahtags

Popular Questions