GitHub Community
Secret scanning gives false positive for Google Firebase API key #58734
Unanswered
boocockp
asked this question in
Code Security
Replies: 2 comments 1 reply
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Can someone from GitHub chime in? We're currently considering whether to put effort into hiding the Firebase API key from our |
Beta Was this translation helpful? Give feedback.
1 reply
This comment was marked as off-topic.
This comment was marked as off-topic.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Product Feedback
Body
Web apps that use Google Firebase need to embed a unique API key in the client code just to identify which app is being used. This is flagged by secret scanning, but it has to be sent in clear to every user of the app, and it is not used for authentication or to control access. Google documentation says it is not intended to be secret.
More info at https://firebase.google.com/docs/projects/learn-more#config-files-objects
Beta Was this translation helpful? Give feedback.
All reactions