How to use API Keys stored in Google Firebase Cloud Functions
Question
I am trying to use the MailChimp API in my react website that is hosted on Google Firebase. I am trying to store my API keys using cloud function and the environment configuration. However, I am not entirely certain how to access those configuration variables after I set them. Are those variables made global throughout my entire react app, or do I need to import them somehow?
I am trying to the follow the documentation listed here: https://firebase.google.com/docs/functions/config-env
Here is what my file structure looks like:
2 answers
solution1
0 2022-01-27 04:06:09
The API keys are only available in the deployed function, not in the react app. You can call a function from your react app which then calls the MailChimp API. This keeps you API key out of the client side code which keeps it secure.
solution2
0 2022-01-27 13:03:32
Firebase can use Google Cloud Platform Services, you can integrate GCP Secret Manager on your functions. Google Secret Manager is a fully-managed, secure, and convenient storage system for such secrets.
Developers have historically leveraged environment variables or the filesystem for managing secrets in Cloud Functions. This was largely because integrating with Secret Manager required developers to write custom code… until now. With this service you can store your raw keys (these will be encrypted) and retrieved by your code function, this carries the benefit that you can restrict the access via Cloud IAM and service accounts. Also this can help you to define which members of your projects or which service accounts can access to the API keys(secrets) The permissions over the secrets can be configured so that even developers cannot see production environment keys, by assigning access permissions to secrets, but allowing that the function can get the secret (because the service account associated with your function can read the secret).
Other benefits include:
- Zero code changes. Cloud functions that already consume secrets via environment variables or files bundled with the source upload simply require an additional flag during deployment. The Cloud Functions service resolves and injects the secrets at runtime and the plaintext values are only visible inside the process.
- Easy environment separation. It's easy to use the same codebase across multiple environments, eg, dev, staging, and prod, because the secrets are decoupled from the code and are resolved at runtime.
- Supports the 12-factor app pattern. Because secrets can be injected into environment variables at runtime, the native integration supports the 12-factor pattern while providing stronger security guarantees.
- Centralized secret storage, access, and auditing. Leveraging Secret Manager as the centralized secrets management solution enables easy management of access controls, auditing, and access logs.
In this document you can find a code example in JS about how to use GCP Secret Manager.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.