使用 Secret Manager 中存储的秘密初始化 Firebase Admin SDK
[英]Initialize Firebase Admin SDK using secret stored in Secret Manager
问题描述
I am trying to initialize the Firebase Admin SDK within a Cloud Run application, using a separate service account (ie not the default service account).
我正在尝试使用单独的服务帐户(即不是默认服务帐户)在 Cloud Run 应用程序中初始化 Firebase Admin SDK。
The documentation suggests:文档建议:
import firebase_admin
from firebase_admin import credentials
cred = credentials.Certificate("path/to/serviceAccountKey.json")
firebase_admin.initialize_app(cred)
However, I would like to avoid packaging secrets into the Cloud Run container, so I am retrieving the json file from Secret Manager, and trying to create the credentials, and pass it into: firebase_admin.initialize_app(cred)但是,我想避免将机密打包到 Cloud Run 容器中,因此我从 Secret Manager 检索 json 文件,并尝试创建凭据,并将其传递到:firebase_admin.initialize_app(cred)
import firebase_admin
from google.cloud import secretmanager
from google.oauth2 import service_account
# Create credentials object then initialize the firebase admin client
sec_client = secretmanager.SecretManagerServiceClient()
name = sec_client.secret_version_path(GOOGLE_CLOUD_PROJECT_NUMBER, FIREBASE_SA_SECRET_NAME, "latest")
response = sec_client.access_secret_version(name)
service_account_info = json.loads(response.payload.data.decode('UTF-8'))
creds = service_account.Credentials.from_service_account_info(service_account_info)
firebase_admin.initialize_app(creds)
Error received:收到错误:
ValueError: Illegal Firebase credential provided.
Any tips are appreciated.任何提示表示赞赏。
1 个解决方案
解决方案1
5 已采纳 2020-06-21 04:19:06
import firebase_admin
from google.cloud import secretmanager
from google.oauth2 import service_account
# Create credentials object then initialize the firebase admin client
sec_client = secretmanager.SecretManagerServiceClient()
name = sec_client.secret_version_path(GOOGLE_CLOUD_PROJECT_NUMBER, FIREBASE_SA_SECRET_NAME, "latest")
response = sec_client.access_secret_version(name)
service_account_info = json.loads(response.payload.data.decode('utf-8'))
# build credentials with the service account dict
creds = firebase_admin.credentials.Certificate(service_account_info)
# initialize firebase admin
firebase_app = firebase_admin.initialize_app(creds)
解决方案2
0 2020-08-06 15:35:46
I am trying to initialize the Firebase Admin SDK within a Cloud Run application, using a separate service account (ie not the default service account).我正在尝试使用单独的服务帐户(即不是默认服务帐户)在 Cloud Run 应用程序中初始化 Firebase Admin SDK。
The documentation suggests:文档建议:
import firebase_admin
from firebase_admin import credentials
cred = credentials.Certificate("path/to/serviceAccountKey.json")
firebase_admin.initialize_app(cred)
However, I would like to avoid packaging secrets into the Cloud Run container, so I am retrieving the json file from Secret Manager, and trying to create the credentials, and pass it into: firebase_admin.initialize_app(cred)但是,我想避免将机密打包到 Cloud Run 容器中,因此我从 Secret Manager 中检索 json 文件,并尝试创建凭据,并将其传递到:firebase_admin.initialize_app(cred)
import firebase_admin
from google.cloud import secretmanager
from google.oauth2 import service_account
# Create credentials object then initialize the firebase admin client
sec_client = secretmanager.SecretManagerServiceClient()
name = sec_client.secret_version_path(GOOGLE_CLOUD_PROJECT_NUMBER, FIREBASE_SA_SECRET_NAME, "latest")
response = sec_client.access_secret_version(name)
service_account_info = json.loads(response.payload.data.decode('UTF-8'))
creds = service_account.Credentials.from_service_account_info(service_account_info)
firebase_admin.initialize_app(creds)
Error received:收到错误:
ValueError: Illegal Firebase credential provided.
Any tips are appreciated.任何提示表示赞赏。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.