DEV Community

loading...
Cover image for TypeScript + GCP Secret Manager + Firebase + App Engine + Multiple Environment - Better Credential Management

TypeScript + GCP Secret Manager + Firebase + App Engine + Multiple Environment - Better Credential Management

shashkiranr profile image Shashi Kiran R ・2 min read

Hi everyone,

So in this article I will be discussing about how to use GCP Secret Manager https://cloud.google.com/solutions/secrets-management with App Engine written in typescript to manage run time credentials needed to access different APIs in our case, firebase project services.

I will be discussing only the relevant parts but will share links if you want to go into the details.

Step 1 — Get the GCP App engine service account json file

Go to IAM & Admin -> Service Accounts

Alt Text
click on actions -> Edit -> create key -> save the json file

Alt Text
Give the secret accessor permission.

Step 2— Set up GCP Secret Manager to your project.

  • Enable billing to your project in Google Cloud
  • Enable Secret Manager API, follow the guide and create a new secret.

Alt Text
click on create secret

Alt Text

Give a secret name (service_account)-> upload the secret value file (the JSON of service_account we got before) -> add label (optional) -> click on create secret

Alt Text

A new secret will be created. click on the actions and click Copy Resource ID

Step 3 — Use Secret Manager Node Package to get the secret value in runtime

Now that we have set up the secret manager and our credentials are in place. Use the following code to access the secret value (credentials).

  1. Import “@google-cloud/secret-manager” npm package.
  2. Copy the below code to get the secret value. Make sure you replace your copied resource ID in the previous step in place of .
  3. You can also save the resource id in environment variables and access it instead of copying directly.

Incase you have to interact more than one firebase project, you can do it by following the code.

You can control different versions of the secret and disable them all from Google Cloud Console. You can set up multiple environments easily and set up run time variables to decide which environment to use.

That’s It! Hope this helps!

Discussion (0)

pic
Editor guide