[英]How to hide API keys when using React, firebase, and Github Action Deploy
I have a basic web application written in React that requires an API key to make requests.我有一个用 React 编写的基本 Web 应用程序,它需要一个 API 密钥来发出请求。 I want to be able to deploy my application on Firebase using Github Action Deploy (this I know how to do) and also be able to hide my API key.
我希望能够使用 Github Action Deploy(我知道该怎么做)在 Firebase 上部署我的应用程序,并且还能够隐藏我的 API 密钥。 I have read many articles on hiding API keys in firebase but can't seem to figure out how to access them in react in a safe manner while also having the code base live on GitHub.
我已经阅读了许多关于在 firebase 中隐藏 API 密钥的文章,但似乎无法弄清楚如何以安全的方式访问它们,同时将代码库放在 GitHub 上。
Well according to your comment, I think you want to store the API KEYS in the .env
file and then you want to export them in your React app.根据您的评论,我认为您想将 API KEYS 存储在
.env
文件中,然后您想将它们导出到您的 React 应用程序中。
.env.local
file.env.local
文件.env.local
file in your React source folder..env.local
文件。REACT_APP_
(Like this 👇).REACT_APP_
(像这样 👇)。REACT_APP_apiKey="<your api key here which you copied from firebase>"
REACT_APP_authDomain="<your api key here which you copied from firebase>"
REACT_APP_projectId="<your api key here which you copied from firebase>"
REACT_APP_storageBucket="<your api key here which you copied from firebase>"
REACT_APP_messagingSenderId="<your api key here which you copied from firebase>"
REACT_APP_appId="<your api key here which you copied from firebase>"
REACT_APP_measurementId="<your api key here which you copied from firebase>"
process.env
.process.env
访问 React 中的所有这些令牌。 So your firebase.jsx
file (or whatever you named) may look like this 👇.firebase.jsx
文件(或任何你命名的文件)可能看起来像这样 👇。const firebaseApp = firebase.initializeApp({
apiKey: process.env.REACT_APP_apiKey,
authDomain: process.env.REACT_APP_authDomain,
projectId: process.env.REACT_APP_projectId,
storageBucket: process.env.REACT_APP_storageBucket,
messagingSenderId: process.env.REACT_APP_messagingSenderId,
appId: process.env.REACT_APP_appId,
measurementId: process.env.REACT_APP_measurementId,
});
// NOTE THE USE OF `process.env.REACT_APP_...`
.env.local
from uploading to remote by adding it to the .gitignore
file(which will be added by default to the .gitignore
file provided by React)..env.local
添加到.gitignore
文件(默认情况下会添加到 React 提供的.gitignore
文件)来阻止.env.local
上传到远程。 Hope it helps 🙌!希望对你有帮助🙌!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.