Where to store Google Service Account Key while using Google Firebase Functions

Question

Using Google Firebase Functions as a backend of the small application.

Functions are accessing to the Firestore and Realtime database, therefore they need service account credentials file.

On the other hand, I'm trying to automate the deployment of the functions using Github Actions.

Currently I places the credentials file inside the repository. I know that it's not secure.

What is the proper way of storing service account credentials file in this case?

Answer 1

Firebase projects, are, in effect, Google Cloud Platform projects.
More specifically, when you create a Firebase project, an associated Google Cloud Platform project is created for it.

Therefore the process for storing credentials is the same as in Cloud Platform, which is to say in a file, somewhere relatively safe.
This file should be accessible to your Function if it is required, and should either have its path specified as part of an environment variable or explicitly declared in code.

You are already storing it the proper way, because the improper way would be to insert the contents of the JSON file directly into code.
To prevent others from seeing the contents of the JSON file, simply set the respository as private.