These api keys are public keys, to protect you firebase project from unauthorized access you have to use the new "App check" from the firebase team ( in beta stage)
Link: firebase.google.com/docs/app-check
Im saying that after doing the ""App Check", api key can be shared in public, because it will work only if the request comme from an authorized domaine (YOUR WEB SITE FOR EXEMPLE) else the request will be rejected even with the correct API.
These api keys are public keys, to protect you firebase project from unauthorized access you have to use the new "App check" from the firebase team ( in beta stage)
Link: firebase.google.com/docs/app-check
So you're saying doing this App Check is mandatory in order for the env variables to work?
Im saying that after doing the ""App Check", api key can be shared in public, because it will work only if the request comme from an authorized domaine (YOUR WEB SITE FOR EXEMPLE) else the request will be rejected even with the correct API.
Nice. I understand now, thanks.
You are welcome
This is really a nice suggestion. Thanks a lot for mentioning it Adelpro !
You are welcome