Difference between Firebase service account key files from Firebase and from GCloud?

0
votes

I am running scripts to interact with Firestore (e.g. creating a doc). I've provided a service account key file to do so (tried with key files from Firebase and GCloud) - scripts run the same.

I am aware that Firebase is now built / closely linked to GCloud so I am expecting the key files to be similar.

However, the docs recommend initializing the sdk with a key from Firebase console when adding Firebase admin to your server and from GCloud Console for unit testing.

So here are my questions:

  • Why recommend 2 different ways to generate them? Is one more appropriate than the other?
  • Do service account key files generated in Firebase (1) and GCloud (2) consoles differ in terms of scope? Do they allow the same operations? Are they granted equivalent permissions?

  1. Firebase Console > Project Settings > Service Accounts > Firebase Admin SDK > Create new private key https://console.firebase.google.com/project/[my-project-id]/settings/serviceaccounts/adminsdk

  2. Google Cloud Console > IAM & Admin > Service Accounts > App Engine default service account > Create key https://console.cloud.google.com/iam-admin/serviceaccounts?project=[my-project-id]

1
firebasegoogle-cloud-platform

1 Answers

2
votes

The service account and credentials provided by the Firebase console are no different than one that you'd create in the Cloud console. Firebase is just making it easier to get started, so you don't have to learn the Cloud console. If you want to use the one provided by Firebase, fine. If you want to use one you create and configure in the Cloud console, fine. The Firebase service account should be visible in the Cloud console just like any other. When it comes to assigning permissions to individual products, you can still choose either one to work with. It's up to you.