stackoom
  简体   繁体   中英

How to store Token for firebase cloud functions efficiently?

 原文  2022-02-14 18:23:28       express/ google-cloud-functions/ google-secret-manager

Question

I have a firebase cloud function that uses express middleware to generate an authToken which is passed on up through the routes.

This token lasts 24 hr's so I don't want to spam the service with excessive requests. As such I want to cache the result for a while before regenerating it.

I considered two approaches.

  1. See how to cache the axios request when generating the token.
  2. Use Firebase Secret Manager to store the value.

Whilst researching the axios caching, I already had secret manager in use so have implemented both in parallel.

Secret Manager

Currently I have implemented secret manager to store and update the token, when I need the token for the external API, I can just grab it from secret manager..

I have a scheduled job that then creates a new token, and subsequently disables all prior secret versions before adding in the new token.

Creating the token is achieved by using axios to call the auth end point of the external API.

Axios Caching When it comes to finding out how to enable caching for express running on cloud functions. I'm currently getting the impression that it involves adding in another layer of complexity, such as either a CDN, or Redis solution.

I've also seen intermediate cache solutions such as https://github.com/AlbinoDrought/cachios which looks like it leverages local memory of some sort. Which I assume would mean that cloud functions distributed across different regions/instances would have there own unique local cache. I wouldn't know if this is a problem or not. But would I think be more lightweight in configuration and setup than say redis?

My Problem is, and I hope this isn't too opinion based for SO. but.

Is this use of secret manager a really bad idea. Given secret manager is generally I think geared around long lived values that don't change that often. Or is it perfectly fine, that if I have 2 requests a day, that could be 2x365 versions a year logged against the secret manager, which would have to be tidied up everynow and then. Are the implications I'm not aware of?

Or is enabling some sort of CDN or express caching layer a much more standard approach? And if so is there any guidance on a simple express caching layer that's geared specifically for google Firebase cloud functions?

1 answers

solution1
 1 ACCPTED  2022-02-25 18:58:51

2 requests per day is fine. See the documentation on rotating keys here: https://cloud.google.com/secret-manager/docs/rotation-recommendations

Note that it suggests, in approach 2 & 3, that valid use cases include grabbing secrets on each launch, and grabbing secrets continuously. 2x/day is less frequent than both of these.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cloud Functions | Login into Firebase and return access token Store Firebase Cloud Messaging Token in ViewModel SwiftUI Class Firebase Cloud Functions Deploy Error- SyntaxError: Unexpected token '?' Firebase cloud functions deployment error "Invalid source token" How to setup vpc connector for firebase cloud functions? Firebase Cloud Messaging Token How to build / compile firebase cloud functions with webpack How to use the Cloud Functions in order to use Firebase Cloud vision Cloud Functions for Firebase timeout Cloud functions for firebase generation 2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM