I have an express server and I have some files that I site needs to connect to the firebase, but I need to make them available only for my site code and not to users because they could see all my credentials. Is there way to do it?
Asked
Active
Viewed 19 times
0
-
No, it's impossible. – jabaa Jun 01 '22 at 12:05
-
You can only keep secrets from users _on_ your server. All your config and connection should probably be located there. – somethinghere Jun 01 '22 at 12:29
1 Answers
-1
It sounds like you're needing to use a .env file to store your keys/passwords.
https://www.npmjs.com/package/dotenv
Download the package and add these lines of code to your index.js
const dotenv = require("dotenv");
dotenv.config();
Then create your .env file and you can store your keys there.
Sam Levine
- 21
- 4
-
How does this solve the problem with credentials in the frontend/website? – jabaa Jun 01 '22 at 17:42
-
Do this in the frontend then... https://stackoverflow.com/questions/49579028/adding-an-env-file-to-react-project – Sam Levine Jun 02 '22 at 08:35
-
But the visitors of the website can read these credentials. Read the comments in your link. – jabaa Jun 02 '22 at 10:10
-
But I like the concept that bad developers add secrets in plain text to their frontend code. That makes the life hacker much easier. – jabaa Jun 02 '22 at 10:20