Reputation: 191
How to use service account to authenticate Cloud Run to Firestore
I'm looking for a way to connect Cloud Run to Firestore without using a service account access key. I have a key set up for my local dev environment to access Firestore. I know you can access Firestore from the account running Cloud Run containers, but haven't been able to find any documentation on how to do this.
The most I could find is using a Workforce Identity Federation but that seems to be focused on connecting external services which isn't my goal.
Edit, forgot to mention I'm using nodejs and am not using firebase, just firestore
Upvotes: 0
Views: 1314
Answers (1)
Reputation: 66
Every service in Cloud Run has a service account assigned (default Compute Engine service account), but you can create you own service account and assign it (Recommended), you don't need to download a key.
In the IAM section look for datastore permissions instead of Firestore permissions, because Firestore is the 'evolution' of datastore.
Follows the doc for more info: https://cloud.google.com/run/docs/configuring/service-accounts
Upvotes: 5
Related Questions
- Get document from Firestore with service account
- Service account does not have permission to access Firestore
- How to access to a Google Cloud Storage bucket from a Cloud Run service without using a local Service Account key file?
- Trying to access FirestoreAdminClient from Cloud Run service using firebase-admin. ERROR: 7 PERMISSION_DENIED: The caller does not have permission
- Using Firebase Admin Auth within Cloud Run Container
- cloud run authentication with user account
- GCP: How to grant a role to a service account on a Firestore collection?
- How Can I Obtain GCP service account credentials on Google Cloud Run?
- Pass user auth to Firestore from Cloud functions
- Why does my service account not give remote access to Google Cloud Firestore?