0

I try to use cloud secret manager in combination with firebase app hosting, but app hosting can't fetch the keys from the secret manager when it's building.

My apphosting.yaml file looks like this:

env:
-   variable: NEXT_PUBLIC_FIREBASE_API_KEY
    secret: NEXT_PUBLIC_FIREBASE_API_KEY
-   variable: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
    secret: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
-   variable: NEXT_PUBLIC_FIREBASE_PROJECT_ID
    secret: NEXT_PUBLIC_FIREBASE_PROJECT_ID
-   variable: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
    secret: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
-   variable: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
    secret: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
-   variable: NEXT_PUBLIC_FIREBASE_APP_ID
    secret: NEXT_PUBLIC_FIREBASE_APP_ID
-   variable: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
    secret: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
-   variable: TURNSTILE_SECRET_KEY
    secret: TURNSTILE_SECRET_KEY
-   variable: TURNSTILE_SITE_KEY
    secret: TURNSTILE_SITE_KEY
-   variable: RECAPTCHA
    secret: RECAPTCHA

I've added the secrets with the following command and I see them in the cloud secret manager: firebase functions:secrets:set NEXT_PUBLIC_FIREBASE_API_KEY --project xx

Later I gave them the following principals with the role Secret Manager Secret Accessor:

  1. [email protected]
  2. [email protected]

I also tried with the command firebase apphosting:secrets:grantaccess NEXT_PUBLIC_FIREBASE_API_KEY, but that gave me the error apphosting did exist.

xx = my project name

Anyone have an idea what I'm missing? When I build I receive this error:

Misconfigured secret Error resolving secret version with name=projects/xx/secrets/NEXT_PUBLIC_FIREBASE_API_KEY/versions/latest. Please ensure the secret exists in your project and that your App Hosting backend has access to it. If the secret already exists in your project, please grant your App Hosting backend access to it with the CLI command 'firebase apphosting:secrets:grantaccess'

Improve this question
1
  • firebase apphosting:secrets:grantaccess command must be run with --backend parameter. Example: firebase apphosting:secrets:grantaccess VARIABLE_NAME --backend appname. Are you sure you got this command right? Commented Mar 5 at 10:36

3 Answers 3

Reset to default
1

Found the solution.. I missed an important install and the errors weren't making it very clear what I was missing.

I had to run the following command: curl -sL https://firebase.tools | bash

After this I could run the command from above answers, but I had to provide the project too:

firebase apphosting:secrets:grantaccess NEXT_PUBLIC_FIREBASE_API_KEY --backend xx --project xx

With --backend xx being the apphosting backend like @Alex Kempton was stating.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

If you have multiple SECRET_KEYS, go to your project IAM and add these

  • Secret Manager Admin

  • Secret Manager Secret Accessor

in the principal named : firebase-app-hosting-compute@PROJECT_ID.iam.gserviceaccount.com

Improve this answer

Comments

0

I had the exact same issue, and I can confirm that the comment from @raghavendra-n was the answer for me. You need to find the name of your backend, which is at the top of the App Hosting section of the firebase console.

firebase apphosting:secrets:grantaccess VARIABLE_NAME --backend appname

This then sets up some IAM stuff which made my deployment work.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.