reading time 3 mins

This guide is designed to get you completely set up with Doppler when using Firebase. We will cover everything from constructing from debugging locally in shell & emulator to deploying your Firebase functions to production.


Secrets in Firebase

When developing for Firebase, you have two ways of accessing your secrets.

Local development: read your secrets and config out of the environment.

Production: Firebase requires you to use the functions.config() function from one of their environment-specific packages. You can find more info in the Firebase docs.


Do not use ".env" files

Firebase supports reading secrets from an ".env" file. This is generally considered insecure and is a big part of the reason Doppler exists! We strongly recommend NOT using ".env" files.

Reading Secrets

Since your secrets are read from different sources locally and in production, we recommend abstracting this away to a separate file.

const functions = require("firebase-functions");

let config = process.env;
// use firebase config when deployed to firebase
const deployedToFirebase = process.env.NODE_ENV === "production"
if (deployedToFirebase) {
  config = functions.config().env;  

module.exports = config;

We now have a configuration that can be called the same way locally and production. We will show an example at the end of this guide.

Updating your package.json

Locally we have to wrap the shell and emulator commands in our doppler run command.
If we want to deploy to production we have to set the firebase config. In the package.json below there is an example of what this would look like:

  "name": "functions",
  "description": "Cloud Functions for Firebase",
  "scripts": {
    "lint": "eslint .",
    "serve": "doppler run -- firebase emulators:start --only functions",
    "shell": "doppler run -- firebase functions:shell",
    "start": "npm run shell",
    "deploy": "npm run update_config && firebase deploy --only functions",
    "update_config": "firebase functions:config:unset env && firebase functions:config:set env=\"$(doppler secrets download --config prd --no-file --silent)\"",
    "logs": "firebase functions:log"

Using Secrets

Below is a simple cloud function to show how we would read environment variables that would work locally and in production.

const functions = require("firebase-functions");
const environment = require("./environment");

exports.example_env_variable = functions.https.onRequest((request, response) => {
    `Hello from Firebase! The secret 'EXAMPLE_VAR' is: '${environment.EXAMPLE_VAR}'`


Amazing Work!

Now you are all set up on Firebase. The next time you deploy your secrets will be fetched from Doppler.

Did this page help you?