API Key exposed?

[ninjasort]

I'm not sure this is a good idea to drop in the entire Firebase credentials directly in the options.

I would prefer if you could expose the initializeApp function so we can configure that and return the app instance on our own.

All I really want is to have a wrapper around the Gatsby pages and some useful Firebase components to fetch and render data.

[VlatkovicB]

Use env variables to hide your API keys/secrets.

[ninjasort]

Sure, what are the Gatsby best practices for plugin security. I'm curious to read more into this.