skip to Main Content

I am using the Firebase Admin SDK for my NextJS app and am not certain where to store the JSON file with all the keys. As far as I know, there is no way to integrate the secret keys in the JSON files with an .env.local file. How can I safely store this sensitive file in my NextJS project?

I tried to use the default client SDK keys and place them in my .env.local, but it gives me an insufficient permissions error when I try and use it on my server. After a little digging, I realized that I need to use the JSON file for the Admin SDK. I know storing the JSON file in the /public directory is not safe and exposes it to the client, so I can’t store it there.

How can I safely store the file with NextJS?

2

Answers


  1. Chosen as BEST ANSWER

    Turns out there is a way to use .env.local variables with the Admin SDK. It was hidden as a comment inside the code, and is not in any of the documentation I could find online.

    Here it states:

     * // Providing a service account object inline
     * initializeApp({
     *   credential: cert({
     *     projectId: "<PROJECT_ID>",
     *     clientEmail: "foo@<PROJECT_ID>.iam.gserviceaccount.com",
     *     privateKey: "-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----n"
     *   }),
     *   databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
     * });
    

    Hopefully this helps someone like me :)


  2. First, note that the .env.local file only works on your local machine and should be stored in the root directory of your NextJS app.

    Make sure to add it to your .gitignore file so that it is not pushed to GitHub.

    # local env files
    .env*.local
    

    When deploying your app, you can set environment variables in the deployment platform, such as Vercel.

    These variables should be used to store sensitive information like Firebase Admin SDK keys, instead of storing them directly in your code.

    You need to set all environment variables in the following path:

    https://vercel.com/[user name: XXX]/[project name: XXX]/settings/environment-variables
    

    I dont think there is any saftey problem

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search