I try to use cloud secret manager in combination with firebase app hosting, but app hosting can't fetch the keys from the secret manager when it's building.
My apphosting.yaml file looks like this:
env:
- variable: NEXT_PUBLIC_FIREBASE_API_KEY
secret: NEXT_PUBLIC_FIREBASE_API_KEY
- variable: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
secret: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
- variable: NEXT_PUBLIC_FIREBASE_PROJECT_ID
secret: NEXT_PUBLIC_FIREBASE_PROJECT_ID
- variable: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
secret: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
- variable: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
secret: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
- variable: NEXT_PUBLIC_FIREBASE_APP_ID
secret: NEXT_PUBLIC_FIREBASE_APP_ID
- variable: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
secret: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
- variable: TURNSTILE_SECRET_KEY
secret: TURNSTILE_SECRET_KEY
- variable: TURNSTILE_SITE_KEY
secret: TURNSTILE_SITE_KEY
- variable: RECAPTCHA
secret: RECAPTCHA
I've added the secrets with the following command and I see them in the cloud secret manager:
firebase functions:secrets:set NEXT_PUBLIC_FIREBASE_API_KEY --project xx
Later I gave them the following principals with the role Secret Manager Secret Accessor:
I also tried with the command firebase apphosting:secrets:grantaccess NEXT_PUBLIC_FIREBASE_API_KEY, but that gave me the error apphosting did exist.
xx = my project name
Anyone have an idea what I'm missing? When I build I receive this error:
Misconfigured secret Error resolving secret version with name=projects/xx/secrets/NEXT_PUBLIC_FIREBASE_API_KEY/versions/latest. Please ensure the secret exists in your project and that your App Hosting backend has access to it. If the secret already exists in your project, please grant your App Hosting backend access to it with the CLI command 'firebase apphosting:secrets:grantaccess'
I try to use cloud secret manager in combination with firebase app hosting, but app hosting can't fetch the keys from the secret manager when it's building.
My apphosting.yaml file looks like this:
env:
- variable: NEXT_PUBLIC_FIREBASE_API_KEY
secret: NEXT_PUBLIC_FIREBASE_API_KEY
- variable: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
secret: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
- variable: NEXT_PUBLIC_FIREBASE_PROJECT_ID
secret: NEXT_PUBLIC_FIREBASE_PROJECT_ID
- variable: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
secret: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
- variable: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
secret: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
- variable: NEXT_PUBLIC_FIREBASE_APP_ID
secret: NEXT_PUBLIC_FIREBASE_APP_ID
- variable: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
secret: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
- variable: TURNSTILE_SECRET_KEY
secret: TURNSTILE_SECRET_KEY
- variable: TURNSTILE_SITE_KEY
secret: TURNSTILE_SITE_KEY
- variable: RECAPTCHA
secret: RECAPTCHA
I've added the secrets with the following command and I see them in the cloud secret manager:
firebase functions:secrets:set NEXT_PUBLIC_FIREBASE_API_KEY --project xx
Later I gave them the following principals with the role Secret Manager Secret Accessor:
I also tried with the command firebase apphosting:secrets:grantaccess NEXT_PUBLIC_FIREBASE_API_KEY, but that gave me the error apphosting did exist.
xx = my project name
Anyone have an idea what I'm missing? When I build I receive this error:
Misconfigured secret Error resolving secret version with name=projects/xx/secrets/NEXT_PUBLIC_FIREBASE_API_KEY/versions/latest. Please ensure the secret exists in your project and that your App Hosting backend has access to it. If the secret already exists in your project, please grant your App Hosting backend access to it with the CLI command 'firebase apphosting:secrets:grantaccess'
Found the solution.. I missed an important install and the errors weren't making it very clear what I was missing.
I had to run the following command:
curl -sL https://firebase.tools | bash
After this I could run the command from above answers, but I had to provide the project too:
firebase apphosting:secrets:grantaccess NEXT_PUBLIC_FIREBASE_API_KEY --backend xx --project xx
With --backend xx being the apphosting backend like @Alex Kempton was stating.
I had the exact same issue, and I can confirm that the comment from @raghavendra-n was the answer for me. You need to find the name of your backend, which is at the top of the App Hosting section of the firebase console.
firebase apphosting:secrets:grantaccess VARIABLE_NAME --backend appname
This then sets up some IAM stuff which made my deployment work.
firebase apphosting:secrets:grantaccesscommand must be run with--backendparameter. Example:firebase apphosting:secrets:grantaccess VARIABLE_NAME --backend appname. Are you sure you got this command right? – Raghavendra N Commented Mar 5 at 10:36