Hi Nghiepnguyen, thanks for your question. firebaseConfig.js contains important keys to your firebase project. To prevent exposing these keys when you publish your codebase to an online repository like Github, you should protect these keys/secrets.

To do that, you create a .env file and define all your keys in there. If you’re using Firebase with React, you should start your environment variable name with REACT_APP_YOUR_VARIABLE_NAME.

Finally, make sure to ignore the .env file inside a .gitignore file before committing your code.

I hope this helps.