I am creating an app using monaca/onsenUI front-end with a firebase backend. In the front end, I have a script that makes the connection to my firebase
<script>
// Initialize Firebase
var config = {
apiKey: "myApiKey",
authDomain: "onsenapp.firebaseapp.com",
databaseURL: "https://onsenapp.firebaseio.com",
storageBucket: "",
};
firebase.initializeApp(config);
</script>
I am wondering how to secure the API key so users won't have API key when they look at the source code. In Rails, I believe you store the sensitive data in a .yml file and save the sensitive information in environment variables. What do you do in this case to protect sensitive data?
First of all, why should users be able to see the code? Are you using Onsen to develop a web-app?
If you are developing a Cordova App, you can use Monaca Power Plugins, like HTML5 Resource Encryption in order to encrypt your source code.