Am using firebase with Angular, as usual, firebase has provided config keys for the project. The problem is I do not want to commit my keys to GitHub but I need these keys to be available since the application is deployed to GitHub pages via GitHub actions. If I include these keys in gitignore these keys will not get commited and my application will simply not work on gh-pages, I have created job through GitHub actions to build and deploy application to gh-pages on every push on master branch.
The questions are :-
- Is it safe to expose the config keys (api key, database url, appid etc) to GitHub.
- What is the method to deploy application to gh-pages but at the same time not exposing config keys through commits.
- Can we use GitHub secrets for this situation, if yes then how ?
Top comments (0)