I have a react website hosted with IONOS on a shared hosting plan, I now have a need to use Firebase for authentication and as such need to somehow secure my Firebase config variables. From my understanding I am unable to set environment variables on a shared hosting plan, is there another method I can use to securely store my config variables? Or am I going to have to migrate to another plan/webhost?
I have a php backend as ionos shared hosting doesn’t really have much else
Have a .php file only define the secrets variables, and include it where you need. Should someone try to access it directly, they'll just get nothing (since the PHP file in itself does nothing).
IOW, e.g. secrets.php:
<?php
$some_firebase_secret = '...';
(lacking ?> on purpose; the file doesn't need to emit e.g. a trailing newline)
and in a file that does your backend authentication whatever,
<?php
include 'secrets.php';
some_firebase_function($some_firebase_secret);
It's imperative that this isn't e.g. secrets.inc, if you're not able to configure the web server, since .inc files would not get processed as PHP, and someone accessing the file would be able to see the source and the secret.