Answer a question

I worked on a personal project for last few weeks, and used github asa the VCS, but now i want to make the project public so i have to ask the next thing.

I forgot to create an individual file for the firebase config object and add it to gitignore, so it is visible in the project if you search for it

var firebaseConfig = {
  apiKey: "API_KEY",
  authDomain: "PROJECT_ID.firebaseapp.com",
  databaseURL: "https://PROJECT_ID.firebaseio.com",
  projectId: "PROJECT_ID",
  storageBucket: "PROJECT_ID.appspot.com",
  messagingSenderId: "SENDER_ID",
  appId: "APP_ID",
  measurementId: "G-MEASUREMENT_ID",
};

The object contains this data, my question is, could i do anything to secure the firebase account so that when i publish the project there won't be problems with people trying to mess with my backend?

Or is there any other option?

Answers

In addition of resetting your key, you could use git filter-repo (see INSTALL) in order to rewrite all commits, changing the content of that version file with a blob callback.

You would replace apiKey: "..." by apiKey: "XXX".

git filter-repo --blob-callback '
    blob.data = blob.data.replace(b"yourKey", b"AN_ENVIRONMENT_VARIABLE")
'

That way, your code history is based on an environment variable name, instead of an old key value.