Accepted answer

Your API keys, database URL, app id etc are meant to be public.

According to the firebase docs:

The content is considered public, including your platform-specific ID (entered in the Firebase console setup workflow) and values that are specific to your Firebase project, like your API Key, Realtime Database URL, and Storage bucket name. Given this, use security rules to protect your data and files in Realtime Database, Cloud Firestore, and Cloud Storage.

The way you're meant to make your connection to firebase secure is to use security rules. You can add custom rules to make sure your DB is secure.

For example: You can make sure only userId 12345 has rights to create, read, update and delete records for userId12345.

Related Query

More Query from same tag