So in this article I will be discussing about how to use GCP Secret Manager https://cloud.google.com/solutions/secrets-management with App Engine written in typescript to manage run time credentials needed to access different APIs in our case, firebase project services.
I will be discussing only the relevant parts but will share links if you want to go into the details.
Go to IAM & Admin -> Service Accounts
- Enable billing to your project in Google Cloud
- Enable Secret Manager API, follow the guide and create a new secret.
Give a secret name (service_account)-> upload the secret value file (the JSON of service_account we got before) -> add label (optional) -> click on create secret
A new secret will be created. click on the actions and click Copy Resource ID
Now that we have set up the secret manager and our credentials are in place. Use the following code to access the secret value (credentials).
- Import “@google-cloud/secret-manager” npm package.
- Copy the below code to get the secret value. Make sure you replace your copied resource ID in the previous step in place of .
- You can also save the resource id in environment variables and access it instead of copying directly.
Incase you have to interact more than one firebase project, you can do it by following the code.
You can control different versions of the secret and disable them all from Google Cloud Console. You can set up multiple environments easily and set up run time variables to decide which environment to use.
That’s It! Hope this helps!