could somebody explain use cases for using firebase tools. I understand that we can use them to connect to Firebase Realtime database and for authentication. But what I cannot grasp is: do we use it on our local machine and then deploy to google or is it also useful when hosting on other servers? I would love to hear more use cases for using the tools.
Thank you.
The Firebase tools/CLI provide commands to interact with your Firebase projects from a shell/terminal.
You'd typically run it on your local machine to make changes to the database, update files for hosting, update your security rules, import/export users, etc.
For a full list of its commands, see the reference documentation for the Firebase CLI.
Related
I am building an automation process for my app, which includes creating several new Firebase projects. (After a lot of investigation, I am sure that several projects are needed, and that it cannot be done with just one project).
I am looking for a way to create a new Firebase project from scratch, and enable Phone Auth, Cloud Firestore, and Cloud Storage, along with security rules, programmatically.
I have taken a look at the Firebase Management REST API, which indeed shows a way to create a new Firebase project and link it to an existing GCP project, but couldn't find a way to configure the project itself through the API (Authentication, Firestore, Storage, etc.).
Is there any way to create and configure a Firebase project from scratch, using an API/SDK or CI/CD of some kind?
Thank you!
Have you looked into the firebase-admin SDK? It is a backend-only API because it needs your private key to authenticate against and can therefore not be used in the app directly (shipping your private key with the app would be pretty big security issue!), but as I understand it, creating new firebase-projects is something of a backend activity for you anyway?!
Look at https://firebase.google.com/docs/auth/admin/ for the API's documentation and what you can do with it.
So after a long research, it seems that we can combine the Firebase CLI and the Firebase Admin SDK in order to achieve it.
We can create a new project using the command
firebase projects:create NEW_PROJECT_ID
And then to configure all of the necessary configurations through the admin SDK
We're developing a full-stack platform deployed on GCP via AppEngine and with Firebase (Firestore + RealTimeDb) as noSql Db Module.
We're going live but I've a doubt. Now we're using the Firebase private-key.json to interface our software to Firebase and it is saved to a folder in the project like src/firebase and it is bound to our code through:
admin.credential.cert(require(path))
The API key and the path are saved to the .env file.
We're using the same technique to use the GCP client libraries (for example like Logging system).
I've also see that for GCP client libraries Google advises to use environment variables, but also indicates that they're active only during the session.
Anyway, to respect and to optimize security of our system: we should go live with these configurations or we have to change them? Please, do you have any advice to not expose the credentials and to don't have a vulnerable system?
Thanks guys
Posting John Hanley's, guillaume blaquiere's, al-dann's and Alex L's comments as a Community Wiki for visibility.
App Engine and Firebase are different services. There is a difference between their configuration files.
App Engine does not require a service-account.json file. Use Application Default Credentials (ADC).
Deploying a service-accout.json file inside your application source code is NOT SECURE.
The AppEngine service has the permission to use Firebase product (Firestore, Firebase functions) which should be sufficient. This means that you don't really need an API Key and a Firebase private key in your Node.js back-end.
App Engine runs under a service account. It may be possible to grant relevant IAM roles to that account (i.e. roles/datastore.user), so it can work with the Firestore service. If you would like - you can keep them in different projects.
You can refer to the Node.js quickstart for guidance in this scenario.
I see this question has already been asked but not all that recently so I am bringing it up again.
How do you hide your firebaseConfig file, or any secret key, in an expo application? (For production, not dev).
As far as I can tell, there is no way to properly hide the firebase config file with API keys etc in a react-native expo app.
Being that I have already built my entire app around interacting with firestore, I am a bit perplexed as to how to proceed forward.
If I eject, is there a way to properly hide my API key in a non-expo react-native-app? Or will I still face the same problem? Everything is working smoothly and I would prefer not to eject.
I have some experience using node.js/express.js as a backend (only ever in a development setting). Should I build myself a server and then serve the config info from there?
If I want to deploy a 'demo' app, is there a way to hide the keys while still using expo?
Any insight into this would be so helpful.
As far as I am aware there is no 'dotenv' package compatible with expo.
Also I have zero experience in deploying mobile apps, and very little in deploying web apps. I have not yet had to deal with securing keys in deployment.
Any help would be so appreciated.
It's not possible to effectively hide your Firebase config information. The best you can do is make it more difficult for someone to find them. Since all the JavaScript code is running on a computer or device that you don't control, you can't ensure that any of it is hidden from view.
In fact, you don't need to hide any of that. I suggest reading this: Is it safe to expose Firebase apiKey to the public?
If you're using Realtime Database, Firestore, or Cloud Storage, you should be using security rules to protect data so that only authorized users can access it.
I'm working on a product which uses Firebase as its backend. Since firebase exposes the API keys to the user so that could be a security issue. So, after doing some research I've set the database security rules along with API keys restrictions.
But, now I'm unable to use it in local development as well. I was thinking of creating another firebase project and use that as a testing environment and use the existing one as production.
Since the existing project has a lot of data and users. I want everything similar in the new firebase project as well. But I'm unable to find an efficient way to do so. Can anyone please suggest what would be the best option here? Should I create a new testing environment or is there a way to allow me to use the keys locally without it causing a security concern?
Any help would be great. Thank you for your time.
There is no specific command to replicate one project to another, but you can build the necessary functionality yourself with each product's APIs.
For porting users between projects you can use:
The Firebase CLI, which has auth:import and auth:export commands.
The Firebase Admin SDK, which has commands to list all users and import a list of users.
For transferring data between the projects, you can use the API of the relevant database to read/write the data.
I have a project for both Android and iOS that's using cloud functions for same app behavior and consistent data storing. For now we were debugging apps on single database, storage and authentication.
The problem is when I switch to release variant I want functions to operate on release database, storage and auth.
I've been searching for an answer to my problem and all I've found was this: How to access multiple Realtime Database instances in Cloud Functions for Firebase
but it doesn't help too much.
Is there a way to go about that without making another Firebase project for release variant?
Ok, so basically just a while after posting this question I've found official firebase guide that helped me resolve this issue.
Short answer: no, you have to create another project in Firebase as described in guide.