将带有服务帐户的Firebase App部署到Heroku(带有dotenv的环境变量) [英] Deploying Firebase App with Service Account to Heroku (environment variables with dotenv)

问题描述

我有一个使用Firebase服务帐户的节点应用程序.我想将应用程序部署到Heroku，但是我不想公开我的秘密密钥.我直接从公共github存储库进行部署，因此我不想在部署中包括服务帐户文件.

I have a node application that uses a firebase service account. I would like to deploy the app to Heroku, but I don't want to make my secret keys public. I am deploying directly from a public github repo, so I don't want to include the service account file in the deployment.

我可以获取服务帐户json文件，将每个属性设置为环境变量，然后将每个变量添加到Heroku并进行部署.一切正常(在我的firebase应用程序上授权了新的Heroku域之后)，但是有更好的方法吗?这项工作可行，但是这样做很麻烦(复制并粘贴每个变量并将其移动).我是否错过了一种更简单的方法?

I can take the service account json file, make each property an environment variable, add each of those variables to Heroku and deploy it. Everything works great (after authorizing the new Heroku domain on my firebase application), but is there a better way to do this? This works, but it was kind of a pain to do (copying and pasting each variable and moving it). Am I missing an easier way to do this?

这是我正在做的更改.从此行中，它从文件中提取凭证:

Here is the change I am making. From this line where it is pulling the credentials from a file:

admin.initializeApp({
  credential: admin.credential.cert('./path/firebase-service-account.json'),
  databaseURL: "https://my-firebase-app.firebaseio.com"
});

从环境变量中引入所有相同内容的对象:

To this object that is bringing in all of the same things from environment variables:

admin.initializeApp({
  credential: admin.credential.cert({
    "type": process.env.FIREBASE_TYPE,
    "project_id": process.env.FIREBASE_PROJECT_ID,
    "private_key_id": process.env.FIREBASE_PRIVATE_KEY_ID,
    "private_key": process.env.FIREBASE_PRIVATE_KEY,
    "client_email": process.env.FIREBASE_CLIENT_EMAIL,
    "client_id": process.env.FIREBASE_CLIENT_ID,
    "auth_uri": process.env.FIREBASE_AUTH_URI,
    "token_uri": process.env.FIREBASE_TOKEN_URI,
    "auth_provider_x509_cert_url": process.env.FIREBASE_AUTH_PROVIDER_X509_CERT_URL,
    "client_x509_cert_url": process.env.FIREBASE_CLIENT_X509_CERT_URL
  }),
  databaseURL: "https://my-firebase-app.firebaseio.com"
});

这是将带有服务帐户的Firebase应用程序部署到Heroku的最佳实践吗?我正在使用dotenv节点模块来完成此操作.

Is this the best practice for deploying a firebase application with a service account to Heroku? I am using the dotenv node module to accomplish this.

推荐答案

证书选项对象有两个三个必填字段: clientEmail 和 privateKey (现在还有 projectId ).您的示例可以简化为:

There's two three mandatory fields for the cert options object: clientEmail and privateKey (and now also projectId). Your example can be trimmed down to:

admin.initializeApp({
  credential: admin.credential.cert({
    "projectId": process.env.FIREBASE_PROJECT_ID,
    "private_key": process.env.FIREBASE_PRIVATE_KEY,
    "client_email": process.env.FIREBASE_CLIENT_EMAIL,
  }),
  databaseURL: "https://my-firebase-app.firebaseio.com"
});

---

顺便说一句，某些环境可能无法使用 private_key env var中的换行符；我发现 key.replace(/\\ n/g，'\ n')是一个简单的解决方案.

---

As an aside, some environments might have trouble with newlines in the private_key env var; I found key.replace(/\\n/g, '\n') to be a straightforward solution.

这篇关于将带有服务帐户的Firebase App部署到Heroku(带有dotenv的环境变量)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！