Huh? Firebase ENV && firebaseClientConfig - Redwood 0.31

The docs say:

Using the names exactly as given below, follow the instructions in this document to "Whitelist them in your redwood.toml".

But no variables are listed…

Am I really supposed to commit & deploy the firebaseClientConfig in my web/src/App.tsx ??

The exact same setup goes into api/src/lib/auth.js

How am I not giving away the keys to the castle here…?

var firebaseClientConfig = {
  apiKey: "<omitted>",
  authDomain: "<omitted>",
  projectId: "<omitted>",
  storageBucket: "<omitted>",
  messagingSenderId: "<omitted>",
  appId: "<omitted>",
  measurementId: "<omitted>"

const firebaseClient = ((config) => {
  return firebase

const App = () => (
  <FatalErrorBoundary page={FatalErrorPage}>
    <AuthProvider client={firebaseClient} type="firebase">
      <RedwoodApolloProvider useAuth={firebaseClient}>
        <Routes />
      <RedwoodApolloProvider useAuth={useAuth}> // <<<<<<<<<<<<<<<<<<<<

@ajoslin103 the client config web side is typically made up of public tokens and keys that are ok exposing. All auth providers have public and private keys and tokens and ids.

Those which are public can be shared.

Those which are private as well as any JWT decoder secret keys should be set as envars and only api/server side.

Check Firebase info for details but they should say which are ok to share publicly.


When I get this running I’ll submit any problems I had setting it up