Change GCP default service account while initializing firebase admin using node.js

Question

I am trying to deploy my cloud functions in GCP and post deployment it is linked to a default service account. However, I have provided values for specific service account on which it should get deployed/linked.

I am using

const admin = require('firebase-admin');
admin.initializeApp({
    credential: admin.credential.cert("path to serviceAccount.json")
});

Service account Json (removed keys for some obvious reasons)

{
  "type": "service_account",
  "project_id": "[PROJECT_ID]",
  "private_key_id": "xxxx",
  "private_key": "-----BEGIN PRIVATE KEY-----\n[KEY_IS_HERE]\n-----END PRIVATE KEY-----\n",
  "client_email": "[CLIENT_EMAIL]",
  "client_id": "[CLIENT_ID]",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "[CLIENT_CERT_URL]"
}

Once Functions are deployed, they are linked to the default service account [email protected]
However the keys are provided for [email protected]

I need suggestions on what needs to be done to deploy on some specific service account and not on default one.

Answer 1

As stated in this answer:

Firebase Cloud Functions use the {project-id}@appspot.gserviceaccount.com service account (App Engine default service account) ... Good to know: When using Google Cloud Functions, the service account being used while running the function can be defined when deploying the function.

But, as said in the first comment:

You can't specify the service account to use when deploying with the Firebase CLI. That only works when you deploy with gcloud, and you can't use gcloud to deploy functions that use the Firebase SDK to build functions. If you need a different service account for functions deployed with the Firebase CLI, you need to deploy the credentials for that account, and use them manually.

Which is the same as stated in the official documentation:

Once you have created a Firebase project, you can initialize the SDK with an authorization strategy that combines your service account file together with Google Application Default Credentials.

Firebase projects support Google service accounts, which you can use to call Firebase server APIs from your app server or trusted environment. If you're developing code locally or deploying your application on-premises, you can use credentials obtained via this service account to authorize server requests.