I am using the Firebase Admin SDK for my NextJS app and am not certain where to store the JSON file with all the keys. As far as I know, there is no way to integrate the secret keys in the JSON files with an .env.local file. How can I safely store this sensitive file in my NextJS project?
I tried to use the default client SDK keys and place them in my .env.local, but it gives me an insufficient permissions error when I try and use it on my server. After a little digging, I realized that I need to use the JSON file for the Admin SDK. I know storing the JSON file in the /public directory is not safe and exposes it to the client, so I can’t store it there.
How can I safely store the file with NextJS?
2 Answers
Turns out there is a way to use .env.local variables with the Admin SDK. It was hidden as a comment inside the code, and is not in any of the documentation I could find online.
Here it states:
Hopefully this helps someone like me :)
First, note that the .env.local file only works on your local machine and should be stored in the root directory of your NextJS app.
Make sure to add it to your .gitignore file so that it is not pushed to GitHub.
When deploying your app, you can set environment variables in the deployment platform, such as Vercel.
These variables should be used to store sensitive information like Firebase Admin SDK keys, instead of storing them directly in your code.
You need to set all environment variables in the following path:
I don't think there is any safety problem.
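Added example, not part of the original answers or of the Firebase code: one way to build the Admin SDK credential object from environment variables on the server, rejecting a credential placed under `NEXT_PUBLIC_` (which Next.js inlines into browser code) and restoring the newlines a one-line private key loses. The variable names `FIREBASE_PROJECT_ID`, `FIREBASE_CLIENT_EMAIL` and `FIREBASE_PRIVATE_KEY`, the helper `loadServiceAccount`, and the sample values are assumptions made for this example.

```javascript
// Added example for a server-only module (for instance lib/firebaseAdmin.js).
// The three variable names are assumptions chosen for this example.
const VARS = {
  projectId: "FIREBASE_PROJECT_ID",
  clientEmail: "FIREBASE_CLIENT_EMAIL",
  privateKey: "FIREBASE_PRIVATE_KEY",
};
const PUBLIC_PREFIX = "NEXT_PUBLIC_"; // Next.js inlines these into browser code

function loadServiceAccount(env) {
  const names = Object.values(VARS);

  // A credential stored under NEXT_PUBLIC_* ships to every visitor.
  const exposed = names.filter((n) => env[PUBLIC_PREFIX + n] !== undefined);
  if (exposed.length > 0) {
    throw new Error("Credential exposed via " + PUBLIC_PREFIX + ": " + exposed.join(", "));
  }

  const missing = names.filter((n) => !env[n]);
  if (missing.length > 0) {
    throw new Error("Missing environment variables: " + missing.join(", "));
  }

  // .env files and hosting dashboards often hold the PEM on one line, with
  // literal backslash-n sequences and sometimes the surrounding quotes.
  const privateKey = env[VARS.privateKey]
    .replace(/^"|"$/g, "")
    .replace(/\\n/g, "\n");
  if (!/^-----BEGIN PRIVATE KEY-----\n[\s\S]+\n-----END PRIVATE KEY-----\n?$/.test(privateKey)) {
    // Report the variable name only, never the key material.
    throw new Error(VARS.privateKey + " is not a PEM private key");
  }

  return {
    projectId: env[VARS.projectId],
    clientEmail: env[VARS.clientEmail],
    privateKey,
  };
}

// Constructed sample values, not real credentials.
const SAMPLE_ENV = {
  FIREBASE_PROJECT_ID: "example-project",
  FIREBASE_CLIENT_EMAIL: "firebase-adminsdk@example-project.iam.gserviceaccount.com",
  FIREBASE_PRIVATE_KEY: '"-----BEGIN PRIVATE KEY-----\\nCONSTRUCTED-NOT-A-KEY\\n-----END PRIVATE KEY-----\\n"',
};
// In the app: admin.initializeApp({ credential: admin.credential.cert(loadServiceAccount(process.env)) })
```

Call it only from server code (API routes, `getServerSideProps`, route handlers), so the module is never bundled for the browser.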