search

thisbejim / Pyrebase

A simple python wrapper for the Firebase API.
2.05k stars 525 forks source link

Project with pyrebase config open source on Github #362

Open PrateekGoyal18 opened 3 years ago

PrateekGoyal18 commented 3 years ago

If I want to open source my project on Github and connect it to Heroku for easy deployment, how I can do so without revealing the config keys? Because on Github, if someone checks out my project repo, they will be able to see the API key along with some other information.

DizzyduckAR commented 3 years ago

https://github.com/DizzyduckAR/LoginBase

with S3 but you can view the code and how to.

the "key" is not reveled. you use the secret key only to allow push from local pc to google servers. it will not pass or write it.

pyrebase got issue with DB rules. it can't pass Auth (user uid) info.

you can bypass the all issue with cloud functions (also on the free git above) and work on Fully locked DB

also since firebase provide all the stuff you need + hosting for free im not sure why you will go Heroku but its an option you can change later on.

Secret / Service key = mainly to allow push. Admin priv can be given inside the server cloud functions if you wanna run secure. Public api = the data you put on your code

global config config = { 'apiKey': "Put Fire base data here", 'authDomain': "Put Fire base data here", 'databaseURL': "Put Fire base data here", 'storageBucket': "Put Fire base data here", }

Above the "config" data your app will not need any other keys.

"easy deployment" can be done from Firebase CLI (will need secret key once and then it will allow you to push data to your project)

PrateekGoyal18 commented 3 years ago

I did not understand what you tried to explain?

DizzyduckAR commented 3 years ago

i already made a project with the stuff you need. you can read and view the stuff you need and how to push.

i used amazon S3 but you can do Heroku (but firebase provide all you need from host to DB free)

keys are not reveled. you just use them to push from CLI (local developer pc). you can use the public api's on the code so your data and account is not in danger.

service account / secret keys main value is for developers to push data from local. app don't need it and you can write on locked database with firebase cloud Functions

4) Set Local firebase CLI (with command prompt so we can push our stuff from local pc) Copy the function JS to your new Firebase Function Folder. Change / Mod / Edit push when done you can view and test your functions local before pushing (DB will be updated we emulate only the request)

5) Intargte Firebase Public key each project got one. (This is not account service key or secret key!!!!!!!! WE DO NOT USE THOSE. Never ADD Secret Key or Service Account Key!!!!!!!!!)

you can view Botit Project github and source to view how the project is "Hosted on github and amazon S3 (pyupdater)" no secret keys