Security and DevOps practices for JSON credentials?


#1

In following the tutorial for deploying to Google Cloud, I notice that we are instructed to put the JSON credentials files into our src folder in order to connect to a Firestore database:

How do you use these files securely, among multiple developers, without committing them to the git repository? Or are people committing these files to the repository, counting on the privacy of the repository to protect them? And if it is the latter, what would be done in the case of a public repository?


#2

Hey @dnotes

In production, I would recommend using JS files accessing environment variables instead of static JSON files.
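
One way to apply the recommendation in #2, as an added example that is not part of the thread or the tutorial's code: a JS config module that builds the Firestore client options from environment variables, so no service-account JSON file has to live in `src/` or in git. The variable names (`FIRESTORE_PROJECT_ID`, `FIRESTORE_CLIENT_EMAIL`, `FIRESTORE_PRIVATE_KEY`, `FIRESTORE_CREDENTIALS_B64`) and the sample values are assumptions made for this example.

```javascript
// Added example: build Firestore client options from environment variables
// instead of a service-account JSON file kept in src/.
// The variable names below are assumptions chosen for this example.
const REQUIRED = ['FIRESTORE_PROJECT_ID', 'FIRESTORE_CLIENT_EMAIL', 'FIRESTORE_PRIVATE_KEY'];

function loadFirestoreOptions(env = process.env) {
  // Option 1: the whole service-account JSON, base64-encoded into one variable.
  if (env.FIRESTORE_CREDENTIALS_B64) {
    let sa;
    try {
      sa = JSON.parse(Buffer.from(env.FIRESTORE_CREDENTIALS_B64, 'base64').toString('utf8'));
    } catch (err) {
      // Do not echo the decoded value: it contains the private key.
      throw new Error('FIRESTORE_CREDENTIALS_B64 is not valid base64-encoded JSON');
    }
    return toOptions(sa?.project_id, sa?.client_email, sa?.private_key);
  }
  // Option 2: one variable per field.
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    // Report variable names only, never their values.
    throw new Error(`Missing environment variables: ${missing.join(', ')}`);
  }
  return toOptions(env.FIRESTORE_PROJECT_ID, env.FIRESTORE_CLIENT_EMAIL, env.FIRESTORE_PRIVATE_KEY);
}

function toOptions(projectId, clientEmail, privateKey) {
  if (!projectId || !clientEmail || !privateKey) {
    throw new Error('Service account is missing project_id, client_email or private_key');
  }
  // Many deployment tools store the PEM with literal "\n"; restore real newlines.
  const pem = privateKey.replace(/\\n/g, '\n');
  if (!pem.includes('-----BEGIN PRIVATE KEY-----')) {
    throw new Error('Private key is not in PEM format');
  }
  // Shape accepted by `new Firestore(options)` from @google-cloud/firestore.
  return { projectId, credentials: { client_email: clientEmail, private_key: pem } };
}

// Constructed sample environment (placeholder key, not a real credential).
const sampleEnv = {
  FIRESTORE_PROJECT_ID: 'example-project',
  FIRESTORE_CLIENT_EMAIL: 'app@example-project.iam.gserviceaccount.com',
  FIRESTORE_PRIVATE_KEY: '-----BEGIN PRIVATE KEY-----\\nCONSTRUCTED\\n-----END PRIVATE KEY-----\\n',
};
console.log(Object.keys(loadFirestoreOptions(sampleEnv).credentials));
```

Each developer and each deployment target sets these variables outside the repository, so the same committed JS file works for everyone and a public repository exposes no key material.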