Update API keys
Closed this issue · 1 comments
Originally, when I set this app up, it was to get it running. However, I violated a rule and my API key is in the repo. I've since removed it and created a new API key, and this needs to be set up using ENV variables.
After doing additional research on this topic, the API key is intended for public use. It seems that Firebase handles security a little differently; see https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public/37484053#37484053.
The idea for Firebase is that we want to lock down how the database can be interacted with using read / write rules and then enforcing validation. Since Firebase provides out-of-the-box authentication, for now I should focus on locking down the authorization portion. This can be done by modifying the rules.
Additional TODOs for this task involve re-adding the configuration for this project and then locking down the database.
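
As an added illustration (not part of the issue or the project's own code), rules of the kind described above could look like the following for the Firebase Realtime Database. It assumes a hypothetical `notes/<uid>/<noteId>` layout with `text` and `createdAt` fields, since the project's real data model and database type are not shown on this page.

```json
{
  "rules": {
    // Deny by default. With the API key public, an open root
    // (".read": true, ".write": true) would let anyone read and
    // overwrite the whole database, so nothing is granted here.
    ".read": false,
    ".write": false,

    // Hypothetical path: one subtree per signed-in user.
    "notes": {
      "$uid": {
        // Authorization: only the authenticated owner of this
        // subtree may read or write it. Grants cascade downward,
        // so they are placed at the narrowest node that needs them.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",

        "$noteId": {
          // Validation: a note must carry both expected fields.
          // .validate rules do not cascade and are skipped on deletes.
          ".validate": "newData.hasChildren(['text', 'createdAt'])",

          "text": {
            ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 500"
          },
          "createdAt": {
            // Reject timestamps set in the future (server time).
            ".validate": "newData.isNumber() && newData.val() <= now"
          },

          // Any field not listed above is rejected.
          "$other": { ".validate": false }
        }
      }
    }
  }
}
```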