DEV Community

Cover image for How to backup your Firestore data automatically

How to backup your Firestore data automatically

Julien Landuré on August 01, 2019

With my team, we use a lot of Firebase features like Firestore. But there is no simple way to backup the data regularly. We created a tiny Docker...
Read full post
Collapse
 
gblaquiere profile image
blaquiere guillaume • Edited

Thanks for this great idea!

However, I'm skeptical about security management:

  • The service account has to have owner role? It's not too much?
  • Why adding the other roles if the service account is owner?
  • This highly granted role is simply base64 encoded and let in "clear" in environment variable!

Why do not simply consider this:

  • Rely on Cloud Run identity and grant the sufficient role on it
  • If you really need an additional/external service account, you maybe can consider berglas. If your code is in Go or in Python, you can easily use it (I wrote the Python lib for reading secrets from bucket)
Collapse
 
jlandure profile image
Julien Landuré Zenika

Hi Guillaume 👋

Thanks for your feedback. 👍
I invite you to report the error on the github of the project here.

For the service account and the ownerrole, I just followed the documentation here.
Perhaps we could use the Cloud Run service account.

This first tutorial on "how to backup your Firestore data" is described to show a simple usecase. I understand your advices on security management. Your idea to use KMS is interesting.

Thank you.

Collapse
 
gblaquiere profile image
blaquiere guillaume

I created the issue #7 and the pull request #8

Security still can be higher, with private Cloud Run, and Cloud Scheduler with a service account identity and the role run.invoker granted on it for calling the Cloud Run.

Unrelated comment: I hope you enjoy your GDE Summit weekend!

Best
Guillaume

Collapse
 
dkrause_za profile image
Daniel Krause

I am getting an error when hitting the list page
2019-08-20 13:21:49.832 SASTERROR: (gcloud.beta.firestore.operations.list) PERMISSION_DENIED: The caller does not have permission

firebase-backup@xxxxxx.gserviceacc... firebase-backup
Cloud Datastore Import Export Admin
Cloud Datastore Owner
Owner
Storage Admin

Collapse
 
jlandure profile image
Julien Landuré Zenika

Hi Daniel 👋

Thanks for your feedback. 👍
I invite you to report the error on the github of the project here

Perhaps you didn't enable the APIs 🤔
Be careful, like written in the docs, Only GCP projects with billing enabled can use the export and import functionality. Are you using the Spark Plan on Firebase? 😇

Please answer if you find a solution to share the solution to the community. 🙌

Collapse
 
dkrause_za profile image
Daniel Krause

Which APIs are required? Don't see any mention of these in either blog or github posting

Collapse
 
dkrause_za profile image
Daniel Krause

Thanks Julien, I only followed this blog post.
I'll take a loot at the github link as well

We are using Blaze Plan on the project

Collapse
 
dkrause_za profile image
Daniel Krause

What is the plan for the recover/import of these backups?

Collapse
 
jlandure profile image
Julien Landuré Zenika

Hi Daniel 👋
You can manually run the following commands in Cloud Shell to trigger the import.

Collapse
 
dkrause_za profile image
Daniel Krause

Excellent, that was my plan