使用服务帐户将 Firebase 应用程序部署到 Heroku(使用 dotenv 的环境变量) [英] Deploying Firebase App with Service Account to Heroku (environment variables with dotenv)

问题描述

我有一个使用 firebase 服务帐户的节点应用程序.我想将该应用程序部署到 Heroku，但我不想公开我的密钥.我直接从公共 github 存储库部署，所以我不想在部署中包含服务帐户文件.

I have a node application that uses a firebase service account. I would like to deploy the app to Heroku, but I don't want to make my secret keys public. I am deploying directly from a public github repo, so I don't want to include the service account file in the deployment.

我可以使用服务帐户 json 文件，将每个属性设为环境变量，将这些变量中的每一个添加到 Heroku 并部署它.一切正常(在我的 firebase 应用程序上授权新的 Heroku 域之后)，但是有没有更好的方法来做到这一点?这是可行的，但做起来有点痛苦(复制和粘贴每个变量并移动它).我错过了更简单的方法吗?

I can take the service account json file, make each property an environment variable, add each of those variables to Heroku and deploy it. Everything works great (after authorizing the new Heroku domain on my firebase application), but is there a better way to do this? This works, but it was kind of a pain to do (copying and pasting each variable and moving it). Am I missing an easier way to do this?

这是我正在做的改变.从它从文件中提取凭据的这一行:

Here is the change I am making. From this line where it is pulling the credentials from a file:

admin.initializeApp({
  credential: admin.credential.cert('./path/firebase-service-account.json'),
  databaseURL: "https://my-firebase-app.firebaseio.com"
});

对于从环境变量中引入所有相同内容的对象:

To this object that is bringing in all of the same things from environment variables:

admin.initializeApp({
  credential: admin.credential.cert({
    "type": process.env.FIREBASE_TYPE,
    "project_id": process.env.FIREBASE_PROJECT_ID,
    "private_key_id": process.env.FIREBASE_PRIVATE_KEY_ID,
    "private_key": process.env.FIREBASE_PRIVATE_KEY,
    "client_email": process.env.FIREBASE_CLIENT_EMAIL,
    "client_id": process.env.FIREBASE_CLIENT_ID,
    "auth_uri": process.env.FIREBASE_AUTH_URI,
    "token_uri": process.env.FIREBASE_TOKEN_URI,
    "auth_provider_x509_cert_url": process.env.FIREBASE_AUTH_PROVIDER_X509_CERT_URL,
    "client_x509_cert_url": process.env.FIREBASE_CLIENT_X509_CERT_URL
  }),
  databaseURL: "https://my-firebase-app.firebaseio.com"
});

这是将具有服务帐户的 firebase 应用程序部署到 Heroku 的最佳做法吗?我正在使用 dotenv 节点模块来完成此操作.

Is this the best practice for deploying a firebase application with a service account to Heroku? I am using the dotenv node module to accomplish this.

推荐答案

证书选项对象有两个三个必填字段:clientEmail 和 privateKey(现在还有 projectId).您的示例可以缩减为:

There's two three mandatory fields for the cert options object: clientEmail and privateKey (and now also projectId). Your example can be trimmed down to:

admin.initializeApp({
  credential: admin.credential.cert({
    "projectId": process.env.FIREBASE_PROJECT_ID,
    "private_key": process.env.FIREBASE_PRIVATE_KEY,
    "client_email": process.env.FIREBASE_CLIENT_EMAIL,
  }),
  databaseURL: "https://my-firebase-app.firebaseio.com"
});

---

顺便说一句，某些环境可能会在 private_key env var 中使用换行符；我发现 key.replace(/\n/g, ' ') 是一个简单的解决方案.

---

As an aside, some environments might have trouble with newlines in the private_key env var; I found key.replace(/\n/g, ' ') to be a straightforward solution.

这篇关于使用服务帐户将 Firebase 应用程序部署到 Heroku(使用 dotenv 的环境变量)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！