Who can read config values set by functions:config:set command? - firebase

I'm working on the implementation of some Cloud Functions for Firebase and one of these require some configuration to call external providers.
I was able to successfully configure these values using firebase functions:config:set key="value" but I was wondering what are the actors able to read this value.
Is the function the only capable of read it? Should I encrypt "value"? At the end will have to have the key in order to decrypt it.
Thanks

Environment configuration is created exactly for keeping some settings or 3rd-party services keys.
Only your google functions will be able to extract the value on remote environment.
Also you can check those values locally using firebase functions:config:get key command.
To get those variables from the code of your function use this:
const functions = require('firebase-functions');
const someEnvVar = functions.config().key
// where key is name of key you setted before
See more in official docs

Related

Is there a way to read environment variables inside override.ts with AWS Amplify Auth

I used to AWS Amplify Auth for a social login, recently.
and, for social provider setting, I'm trying to use amplify auth override.
docs is here: https://docs.amplify.aws/cli/auth/override/
for security reason, I don't want write the secrets inside override.ts like client id, client secrets, etc.
Is it possible to read environment variables in override.ts?
or any idea?
Amplify CLI retained the information in amplify/backend/amplify-meta.json such as project environment information and others resources information.
I used amplify-meta.json as a module.
There is a StackName with the value of amplify-[PROJECT_NAME]-[ENVIRONMENT_NAME]-[PROECT_NUMBER]. So we can get the environment name by deconstructing the string.
override.ts
export function override(resources: AmplifyAuthCognitoStackTemplate) {
const amplifyMetaJson = require('../../../amplify-meta.json');
const envName = amplifyMetaJson.providers.awscloudformation.StackName.split("-").slice(-2, -1).pop();
console.log("Environment for cloudformation => ", envName);
}
Note: This is the temporary solution of an evil way. It is better to fix the issue.
https://github.com/aws-amplify/amplify-cli/issues/9063

firebase functions config - delete data

I added some data to the encrypted config service of firebase using the syntax described here.
Now that I don't need this anymore, I'd like to delete it from the config object. I understand that it's safely stored, I just don't want this config file to be polluted with information that I no longer need to use.
How do I delete data from the firebase functions config object?
The documentation you linked to has a section on additional environment commands.
firebase functions:config:unset key1 key2 removes the specified keys from the config

How to set config variables for cloud functions using gcloud cli

My Firebase default service account ( xxxx#appspot.gserviceaccount.com ) is deleted and cannot be recovered.
Hence I created different service account and now I have to deploy functions using gcloud CLI using gcloud beta functions deploy FUNCTION_NAME --service-account=NEW_SERVICE_ACCOUNT command.
How do I set firebase config variable using gcloud CLI which I can access via functions.config().
When you use Cloud Function, you can defined environment variable that you can use like this in Node
const val = process.env.KEY
To set this KEY=val into cloud function, you can use the env vars setter parameter
For reusing the Firebase functions.config(), and by looking the source code, it should work like this (I didn't test)
Define a JSON for your config, as described in the retrieve part of the Firebase doc
{
"someservice": {
"key":"THE API KEY",
"id":"THE CLIENT ID"
}
}
Make it inline and store it into a CLoud Functions file format. The key of the environment variable must be FIREBASE_CONFIG. The result must be like this (name it config.yaml for example)
FIREBASE_CONFIG: '{"someservice":{"key":"THE API KEY","id":"THE CLIENT ID"}}'
Add the file env vars to the Cloud Function
gcloud functions deploy --env-vars-file=config.yaml ....
Note: Why using a file?
Great question, because you can also use the --set-env-vars param. 2 problems
First, you need to inline the content and to skip the double quote " character. For this, you can do --set-env-vars=TEST=$(echo "'$(cat config.json | sed -z 's/\n//g')'")
The first solution works ONLY if you haven't comma ,. With comma, the gcloud command is lost and, even if you set your json inline content between simple quote ', it considers it as a new env var definition and fail.
Because I didn't have tested, I'm interested to know if this solution works or not!

Is there a way to use both test keys localhost and live keys remote with firebase functions

I have a project were I set up keys as such.
Live keys
functions:config:set stripe.secret="sk_live_..." stripe.publishable="pk_live_..."
Test keys
functions:config:set stripe.secret="sk_test_..." stripe.publishable="pk_test_..."
The application is in its beta stage but live. So there's a lot more changes still done in code.
So I want to avoid setting the keys each time I want to test out some new feature on localhost.
Is there a way to configure firebase functions, to correspond to different Environments?
When on localhost, it should validate with test keys and with on remote live keys?
There isn't a special per-environment configuration. What you can do instead is use the unique id of the project to determine which settings it should apply. Functions can read the deployed project id out of the process environment with GCP_PROJECT
const project_id = process.env.GCP_PROJECT
The values you should use during development is a matter of opinion - do whatever suits you the best.
I believe you can make a .runtimeconfig.json file in your functions directory, which the emulators will read.
For example, first set your local values with `firebase functions config:set stripe.secret="sk_test_...",
Then, run firebase functions config:get > .runtimeconfig.json
When that file is present, from my experience, your firebase emulators will read from that, and you won't keep overwriting production config variables.
Docs: https://firebase.google.com/docs/functions/local-emulator#set_up_functions_configuration_optional

Can Firebase RemoteConfig be accessed from cloud functions

I'm using Firebase as a simple game-server and have some settings that are relevant for both client and backend and would like to keep them in RemoteConfig for consistency, but not sure if I can access it from my cloud functions in a simple way (I don't consider going through the REST interface a "simple" way)
As far as I can tell there is no mention of it in the docs, so I guess it's not possible, but does anyone know for sure?
firebaser here
There is a public REST API that allows you to read and set Firebase Remote Config conditions. This API requires that you have full administrative access to the Firebase project, so must only be used on a trusted environment (such as your development machine, a server you control or Cloud Functions).
There is no public API to get Firebase Remote Config settings from a client environment at the moment. Sorry I don't have better news.
This is probably only included in newer versions of firebase (8th or 9th and above if I'm not mistaken).
// We first need to import remoteConfig function.
import { remoteConfig } from firebase-admin
// Then in your cloud function we use it to fetch our remote config values.
const remoteConfigTemplate = await remoteConfig().getTemplate().catch(e => {
// Your error handling if fetching fails...
}
// Next it is just matter of extracting the values, which is kinda convoluted,
// let's say you want to extract `game_version` field from remote config:
const gameVersion = remoteConfigTemplate.parameters.game_version.defaultValue.value
So parameters are always followed by the name of the field that you defined in Firebase console's remote config, in this example game_version.
It's a mouthful (or typeful) but that's how you get it.
Also note that if value is stored as JSON string, you will need to parse it before usage, commonly: JSON.parse(gameVersion).
Similar process is outlined in Firebase docs.

Resources