我应该将google-services.json(从Firebase)添加到我的存储库吗? [英] Should I add the google-services.json (from Firebase) to my repository?
问题描述
我的问题是,应该这个.json文件被添加到公共(开源)回购。是API密钥的秘密吗?
解决方案 google-services.json
文件是 FireBase文档:
Firebase通过一个配置文件管理您的所有API设置和凭据。
该文件名为google-services.json < iOS上的code>和iOS上的
GoogleService-Info.plist
。
将它添加到 .gitignore
而不是将其包含在公共回购协议中。
这已在第26期,详细了解 google-services.json
包含。
像 googlesamples / google-services
确实有,例如 .gitignore
。
尽管如 stepheaw 发表评论, href =https://groups.google.com/forum/#!msg/firebase-talk/bamCgTDajkw/uVEJXjtiBwAJ =nofollow noreferrer>线程提及
对于库或开源示例,我们不包含JSON文件,因为用户插入自己的代码以将代码指向自己的后端。
这就是为什么您在GitHub上的大部分firebase库中都不会看到JSON文件。
如果数据库URL ,Android API密钥和存储桶对您来说并不是秘密,那么您可以考虑将该文件添加到您的仓库中。
正如 google-services.json是否对黑客安全?,但这并不简单。
I just signed up with Firebase and I created a new project. Firebase asked me for my app domain and a SHA1 debug key. I input these details and it generated a google-services.json file for me to add in the root of my app module.
My question is, should this .json file be added to a public (open source) repo. Is it something that should be secret, like an API key?
A google-services.json
file is, from the FireBase doc:
Firebase manages all of your API settings and credentials through a single configuration file.
The file is namedgoogle-services.json
on Android andGoogleService-Info.plist
on iOS.
It seems to make sense to add it to a .gitignore
and not include it in a public repo.
This was discussed in issue 26, with more details on what google-services.json
contains.
A project like googlesamples/google-services
does have it in its .gitignore
for instance.
Although, as commented by stepheaw, this thread does mention
For a library or open-source sample we do not include the JSON file because the intention is that users insert their own to point the code to their own backend.
That's why you won't see JSON files in most of our firebase repos on GitHub.
If the "database URL, Android API key, and storage bucket" are not secret for you, then you could consider adding the file to your repo.
As mentioned in "Is google-services.json safe from hackers?", this isn't that simple though.
这篇关于我应该将google-services.json(从Firebase)添加到我的存储库吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!