Github 中的 Firebase creditentials.json 文件?
[英]Firebase creditentials.json file in Github?
问题描述
I have a Nodejs server with Firebase Admin.
我有一个带有 Firebase Admin 的 Nodejs 服务器。 I am now confused as to how to have the Credentials ready in my github or anywhere when I want to host my server.我现在对如何在我的 github 或我想托管我的服务器的任何地方准备好凭证感到困惑。 In the Firebase docs they explicitly recommend using export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json" which doesn't make any sense in production environment as you cannot commit this file to github and you cannot deploy it as is (especially if you use github to build your image and deploy that).在 Firebase 文档中,他们明确建议使用export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"这在生产环境中没有任何意义,因为您无法将此文件提交到 github 并且您无法部署它原样(特别是如果您使用 github 构建图像并部署它)。 So what is the common practice in this case?那么在这种情况下,常见的做法是什么? How do I get my credentials when deploying the server?部署服务器时如何获取我的凭据?
2 个解决方案
解决方案1
0 2021-10-19 21:23:42
This will mainly depend on the tools you use to deploy and run your applications.这主要取决于您用于部署和运行应用程序的工具。 If running on Kubernetes, you can use Secrets to mount the json file on your containers.如果在 Kubernetes 上运行,您可以使用Secrets将 json 文件挂载到您的容器上。 Docker and Docker Swarm provide similar capabilities . Docker 和 Docker Swarm 提供了类似的功能。 Ideally, the json file should never be permanently packaged into images.理想情况下,json 文件永远不应该被永久打包到图像中。 They should almost always be securely mounted/wired at runtime.它们几乎总是在运行时安全地安装/接线。
解决方案2
0 2022-01-13 17:32:37
I usually use environment variables with values I pulled from the service account file:我通常使用具有从服务帐户文件中提取的值的环境变量:
FIREBASE_ADMIN_PRIVATE_KEY_ID='b819266b01e17ec23a63564d8c602d0fd729ecdf'
FIREBASE_ADMIN_PRIVATE_KEY='-----BEGIN PRIVATE KEY-----xxx'
FIREBASE_ADMIN_CLIENT_EMAIL='xxx@xxx.iam.gserviceaccount.com'
FIREBASE_ADMIN_CLIENT_ID='xxx'
FIREBASE_ADMIN_AUTH_PROVIDER_X509_CERT_URL='https://www.googleapis.com/oauth2/v1/certs'
FIREBASE_ADMIN_CLIENT_X509_CERT_URL='https://www.googleapis.com/robot/v1/metadata/x509/xxx.iam.gserviceaccount.com'
The rest is included in the client-side config so it's safe to check into source control:其余部分包含在客户端配置中,因此可以安全地检查源代码控制:
const serviceAccount = {
'type': 'service_account',
'project_id': 'your-project-id',
'private_key_id': dotenv.FIREBASE_ADMIN_PRIVATE_KEY_ID,
// See: https://stackoverflow.com/a/50376092/3403247.
'private_key': (dotenv.FIREBASE_ADMIN_PRIVATE_KEY as string).replace(/\\n/g, '\n'),
'client_email': dotenv.FIREBASE_ADMIN_CLIENT_EMAIL,
'client_id': dotenv.FIREBASE_ADMIN_CLIENT_ID,
'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
'token_uri': 'https://oauth2.googleapis.com/token',
'auth_provider_x509_cert_url': dotenv.FIREBASE_ADMIN_AUTH_PROVIDER_X509_CERT_URL,
'client_x509_cert_url': dotenv.FIREBASE_ADMIN_CLIENT_X509_CERT_URL,
} as ServiceAccount;
Then initialize the app:然后初始化应用程序:
import { initializeApp, cert } from 'firebase-admin/app';
app = initializeApp({ credential: cert(serviceAccount) });
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.