Nikhil Shinde
Reputation: 1
How to securely manage secrets in Angular, Firebase, GitLab CI/CD?
I am working on an Angular application deployed on Firebase Hosting. I want to keep my sensitive API keys and tokens secure without exposing them in environment.ts, environment.prod.ts, etc files. I have already created pipeline in Gitlab for build and deploy stage, by hard coding the values the application gets build and deploy successfully but secrets, keys gets exposed in the JavaScript bundle when we inspect it.
I tried passing the variables through the CICD secrets/env variables but they get expose in the client side JavaScript bundle.
Upvotes: 0
Views: 38
Answers (1)
Marcin Wosinek
Reputation: 1009
There are two options:
- You either build some kind of backend that keeps API secrets away from the frontend, and it will make sure they are only used in authorized cases.
- You will use some access tokens that are safe to be shared publicly.
If you have access to some data on the frontend side, it's already outside your control.
Upvotes: 0
Related Questions
- How to detect when an @Input() value changes in Angular?
- Gitlab CI/CD variables are not being passed down to Firebase when deploying
- How to check the version of GitLab?
- How do I add a .env file in gitlab ci during deployment stage?
- How to remove a Gitlab project?
- gitlab CICD pipeline not triggering deploy stage
- Gitlab: How to use artifacts in subsequent jobs after build
- How to use GitLab Releases API?
- How to use environment variables in GitLab Omnibus configuration
- Angular - Production environment variables during deployment