@abeebabdullahi033 I think you’ve misunderstood a few things.
Having values as environment variables only keeps them separate from your codebase.
How you use them during build, and subsequently where they end up, is up to your project.
If you have referenced them in front-end code, then they’re going to get compiled into front-end code.
Separate from that confusion, the environment variables that you’re referring to are Firebase keys and they do not need to be secret, see:
API Key Info:
https://firebase.google.com/docs/projects/api-keys
Security Rules: