Why You Should Use Firebase Functions With A Service Account

<p><code>firebase-tools</code>&nbsp;is a popular library built by Google providing abstractions to develop and deploy&nbsp;<a href="https://firebase.google.com/" rel="noopener ugc nofollow" target="_blank">Firebase</a>&nbsp;applications.&nbsp;<code>firebase-tools</code>&nbsp;is the recommended way for deploying serverless functions to Firebase / Google Cloud. Firebase is a service built&nbsp;<a href="https://firebase.google.com/firebase-and-gcp/" rel="noopener ugc nofollow" target="_blank">on top of</a>&nbsp;Google&rsquo;s cloud platform.</p> <blockquote> <p>The Firebase Command Line Interface (CLI) Tools can be used to test, manage, and deploy your Firebase project from the command line.</p> <p>Deploy code and assets to your Firebase projects<br /> Run a local web server for your Firebase Hosting site<br /> Interact with data in your Firebase database<br /> Import/Export users into/from Firebase Auth</p> <p>Source:&nbsp;<a href="https://www.npmjs.com/package/firebase-tools" rel="noopener ugc nofollow" target="_blank">firebase-tools &mdash; npm (npmjs.com)</a></p> </blockquote> <p>I have used Firebase for about two years to develop a web application. A while back, I also started using native Google Cloud features like&nbsp;<a href="https://cloud.google.com/secret-manager" rel="noopener ugc nofollow" target="_blank">Secret Manager</a>&nbsp;to store secrets directly in the cloud. And precisely, the usage of Secret Manager should reveal a fatal flaw in the standard setup of&nbsp;<code>firebase-tools</code>&nbsp;and, more specifically, how Firebase recommends authenticating on personal and CI/CD environments.</p> <p><a href="https://betterprogramming.pub/why-you-should-use-firebase-functions-with-a-service-account-1e62028c94cc"><strong>Learn More</strong></a></p> <p>&nbsp;</p>