Currently the mapbox api key and firebase api token are stored in hidden files. This makes it very problematic to integrate with remote services like travis ci.
According to the public documentation, it is ok for both mapbox and firebase to display the account details. The security rules should still be enforced though !!
The secrets cannot be stored behind an authentication-required endpoint since we require them to initialize firebase. Therefore I would propose to store those keys in a json file which the app can fetch (without authentication) and use to initialize the required services. Store those credentials in local storage and use them for subsequent app starts.
carocad
commented
7 years ago
Currently the mapbox api key and firebase api token are stored in hidden files. This makes it very problematic to integrate with remote services like travis ci.
According to the public documentation, it is ok for both mapbox and firebase to display the account details. The security rules should still be enforced though !!
The secrets cannot be stored behind an authentication-required endpoint since we require them to initialize firebase. Therefore I would propose to store those keys in a json file which the app can fetch (without authentication) and use to initialize the required services. Store those credentials in local storage and use them for subsequent app starts.
refs: