Where should I store my Google service account key file for Azure Functions?

Clay Casper 166 Reputation points
2024-02-14T21:42:44.7633333+00:00

We are using the firebase admin sdk to protect our Azure function. It's easy enough locally because you just have a GOOGLE_APPLICATION_CREDENTIALS env var that has the path to the key file. See https://firebase.google.com/docs/admin/setup#initialize_the_sdk_in_non-google_environments. When I host in Azure, how should I authenticate the sdk? With the research I've done, I've heard of using a storage mount or breaking the file into individual application settings. I'm weary to use a storage mount because I'm not sure of the security of that.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,903 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Q&A Assist
    2024-02-14T21:42:44.7666667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To authenticate the Firebase Admin SDK in Azure Functions, you can store the Google service account key file as an application setting. By default, connection strings and secrets used by your function app and bindings are stored as application settings. You can store the contents of the key file as an application setting and retrieve it in your function code using the application setting name.

    To store the key file as an application setting, you can follow these steps:

    1. Open the Azure portal and navigate to your function app.
    2. In the left-hand menu, click on "Configuration".
    3. Click on the "+ New application setting" button.
    4. Enter a name for the application setting, such as "GOOGLE_APPLICATION_CREDENTIALS".
    5. Paste the contents of the key file into the "Value" field.
    6. Click "OK" to save the application setting.

    In your function code, you can retrieve the contents of the key file using the name of the application setting. For example, in Node.js, you can use the process.env object to access the value of an application setting:

    const admin = require('firebase-admin');
    
    const serviceAccount = JSON.parse(process.env.GOOGLE_APPLICATION_CREDENTIALS);
    
    admin.initializeApp({
      credential: admin.credential.cert(serviceAccount),
      // ...
    });
    

    By default, application settings and connection strings are stored encrypted in Azure and decrypted only before being injected into your app's process memory when the app starts. However, if you prefer to manage the secure storage of your secrets, you can use Azure Key Vault to store and retrieve secrets.


    References:

    0 comments No comments

  2. MayankBargali-MSFT 70,141 Reputation points
    2024-02-20T12:15:39.7866667+00:00

    @Clay Casper Any application configuration on your function app should be defined in the configuration section of your function app and you need to access them as documented here.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.