Firebase Functions
Learn how to integrate Doppler with Firebase Cloud Functions to sync secrets to production and during local development.


In this guide, you'll learn how to integrate Doppler into a Firebase Cloud Functions application so you'll never have to maintain an .env
file again.
Check out our Firebase sample repository to see a complete working solution.
Prerequisites
- Doppler Project created
- Doppler CLI installed
- Firebase application deployed
Secrets
Doppler syncs secrets to Firebase environment variables which are accessed from the doppler
property returned by the functions.config()
method:
const functions = require('firebase-functions');
const secrets = functions.config().doppler;
const API_KEY = secrets.API_KEY;
The following sections will now show you how to configure local development and CI/CD.
Local Development
Secrets are injected during local development using the CLOUD_RUNTIME_CONFIG
environment variable populated by the Doppler CLI. This removes the need for .env
and .runtimeconfig.json
files altogether.
Configure the Doppler CLI to fetch secrets for the Development
config by opening a terminal in the functions
directory and running:
doppler setup
You can verify the secrets fetched by the CLI at any time by running:
doppler secrets
Now update the serve
and shell
scripts (or similar) in the package.json
:
{
"scripts": {
"serve": "CLOUD_RUNTIME_CONFIG=\"$(doppler secrets download --no-file | jq '{doppler: .}')\" firebase emulators:start --only functions",
"shell": "CLOUD_RUNTIME_CONFIG=\"$(doppler secrets download --no-file | jq '{doppler: .}')\" firebase functions:shell",
}
}
Then test the functions emulator by running:
npm run serve
You and your teammates will never have out-of-date secrets again plus you don't have to worry about leaking credentials in unprotected .env
or .runtimeconfig.json
files.
CI/CD
Deploying to production in CI/CD is a two-step process:
- Update the function environment variables
- Update the function code
Add a new secrets-sync
script to the package.json
and update the existing deploy
script to use it:
{
"scripts": {
...
"secrets-sync": "firebase functions:config:unset doppler && firebase functions:config:set doppler=\"$(doppler secrets download --no-file)\"",
"deploy": "npm run secrets-sync && firebase deploy --only functions",
}
}
Your CI/CD environment will need a Doppler Service Token injected via a DOPPLER_TOKEN
environment variable to provide read-only access to the Production
config.
A Firebase deploy GitHub Action would then look something like this:
name: deploy
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./functions
steps:
- uses: actions/[email protected]
- uses: actions/[email protected]
- uses: dopplerhq/[email protected]
with:
node-version: '16'
- run: curl -sL https://firebase.tools | bash
- run: npm install
- run: npm run deploy
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
Amazing Work!
Now you know how to use Doppler to manage and sync secrets for Firebase Cloud Functions in local development and production.
Updated 28 days ago