3π
β
The best way to handle this scenario is to use an env file.
This file will be used locally and in your production build, but will be ignored whenever you upload to Github (make sure to add it to the .gitignore file).
Furthermore, it is important to know, that specifically for the config for Firebase, the data sits on the client and it will be hard for you to prevent someone from accessing it.
According to this SO question, this is not an issue and the API key and other data from the config do not present a security threat. It is important to create restrictive rules in your Firebase products (storage, DB).
π€tomerpacific
Source:stackexchange.com