earlymorning.dev / Firebase / Environment variables

Environment variables

firebase secrets pattern

we provide secrets through the CLI tool. We may then request some cloud functions to expose the secrets as Node.js process environment variables.

firebase functions:secrets:set ABC_API_KEY

.env file pattern

env-variables docs

we may set the env variables in a .env file

ABC_API_KEY=xxx

the .env should not be versioned. At function deployment, the firebase CLI tool sends the .env file to firebase servers.

read from env

read env within cloud functions

process.env

callable function: indicate the environment variables dependencies, that firebase should expose on the process.env

const options: CallableOptions = {
    region: "europe-west1",
    secrets: ["ABC_API_KEY"],
}

onCall<ReqData, Promise<ResData>>(options, async (request) => {
    const abcKey = process.env.ABC_API_KEY
})

onRequest

const options = { secrets: ["ABC_API_KEY"] }

onRequest(options, (req, res) => {
    process.env.ABC_API_KEY
})

debug secrets

gcloud secrets list --project <PROJECT_ID>

v1 (deprecated)

Tell firebase to save a token/key on our behalf so that we can access it by reference in code, without writing the actual key in code and in git as a result.

firebase functions:config:set sendgrid.key="...." sendgrid.template="TEMP"

Read from Env

Firebase exposes the tokens/keys in an object we get through the config() method.

const API_KEY = functions.config().myKey
earlymorning logo

© Antoine Weber 2025 - All rights reserved

earlymorning.dev / Firebase / Environment variables

Environment variables

firebase secrets pattern

we provide secrets through the CLI tool. We may then request some cloud functions to expose the secrets as Node.js process environment variables.

firebase functions:secrets:set ABC_API_KEY

.env file pattern

env-variables docs

we may set the env variables in a .env file

ABC_API_KEY=xxx

the .env should not be versioned. At function deployment, the firebase CLI tool sends the .env file to firebase servers.

read from env

read env within cloud functions

process.env

callable function: indicate the environment variables dependencies, that firebase should expose on the process.env

const options: CallableOptions = {
    region: "europe-west1",
    secrets: ["ABC_API_KEY"],
}

onCall<ReqData, Promise<ResData>>(options, async (request) => {
    const abcKey = process.env.ABC_API_KEY
})

onRequest

const options = { secrets: ["ABC_API_KEY"] }

onRequest(options, (req, res) => {
    process.env.ABC_API_KEY
})

debug secrets

gcloud secrets list --project <PROJECT_ID>

v1 (deprecated)

Tell firebase to save a token/key on our behalf so that we can access it by reference in code, without writing the actual key in code and in git as a result.

firebase functions:config:set sendgrid.key="...." sendgrid.template="TEMP"

Read from Env

Firebase exposes the tokens/keys in an object we get through the config() method.

const API_KEY = functions.config().myKey