Hi everyone,
So in this article I will be discussing about how to use GCP Secret Manager https://cloud.google.com/solutions/secrets-management with App Engine written in typescript to manage run time credentials needed to access different APIs in our case, firebase project services.
I will be discussing only the relevant parts but will share links if you want to go into the details.
Step 1 — Get the GCP App engine service account json file
Go to IAM & Admin -> Service Accounts
click on actions -> Edit -> create key -> save the json file
Give the secret accessor permission.
Step 2— Set up GCP Secret Manager to your project.
- Enable billing to your project in Google Cloud
- Enable Secret Manager API, follow the guide and create a new secret.
click on create secret
Give a secret name (service_account)-> upload the secret value file (the JSON of service_account we got before) -> add label (optional) -> click on create secret
A new secret will be created. click on the actions and click Copy Resource ID
Step 3 — Use Secret Manager Node Package to get the secret value in runtime
Now that we have set up the secret manager and our credentials are in place. Use the following code to access the secret value (credentials).
- Import “@google-cloud/secret-manager” npm package.
- Copy the below code to get the secret value. Make sure you replace your copied resource ID in the previous step in place of .
- You can also save the resource id in environment variables and access it instead of copying directly.
Incase you have to interact more than one firebase project, you can do it by following the code.
You can control different versions of the secret and disable them all from Google Cloud Console. You can set up multiple environments easily and set up run time variables to decide which environment to use.
That’s It! Hope this helps!
Top comments (0)