Skip to content

Google Application Credentials

Jump to bottom
Spaccesi edited this page Mar 4, 2026 · 1 revision

Remember, documentation is king. For the full official reference, see Firebase App Distribution.

This guide walks you through generating a Google service account credentials file and securely adding it to your project.

Prerequisites

  • A Google Cloud project already created
  • Access to the Google Cloud Console
  • Firebase CLI or access to your project's secret manager

Step 1 — Open Service Accounts

Navigate to the IAM & Admin > Service Accounts page:

👉 https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts

Select your project from the project selector if prompted.

Step 2 — Create a New Service Account

  1. Click "Create Service Account"
  2. Fill in the required fields:
    • Name — a descriptive name (e.g., my-app-service-account)
    • ID — auto-generated, but can be customized
    • Description (optional but recommended) — briefly describe the account's purpose
  3. Click "Create and Continue"

Step 3 — Assign Permissions

Grant the service account the roles it needs. Common roles include:

  • Firebase Hosting Admin — for Firebase Hosting operations

⚠️ Follow the principle of least privilege — only grant the roles your application actually needs.

Click "Continue", then "Done".

Step 4 — Generate the Credentials File

  1. From the Service Accounts list, click on your newly created account
  2. Go to the "Keys" tab
  3. Click "Add Key" > "Create new key"
  4. Choose JSON as the key type
  5. Click "Create" — the file will download automatically as credentials.json

🔒 Keep this file private. Never commit it to version control.

Step 5 — Encode the File with Base64

Convert the JSON file into a Base64 string so it can be stored safely as a secret:

# macOS / Linux
base64 -I credentials.json | pbcopy

Step 6 — Store as a Secret

  1. Go to Your repository > Settings > Secret and variables > Actions on Github
  2. Click "New repository secret"
  3. Name it GOOGLE_APPLICATION_CREDENTIALS
  4. Paste the Base64 string as the secret value
  5. Click "Create"

Step 7 — Use the Secret in Your Project

In your application, decode the secret at runtime:

[...]
jobs:
  ci:
    name: Build & Verify
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Prepare, test and deploy flutter web app
        uses: Spaccesi/flutter-actions-suite@main
        with:
          [...]
          firebase-service-account-base64: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}

Summary

Step Action
1 Open Service Accounts in Google Cloud Console
2 Create a new service account
3 Assign the appropriate roles
4 Download the JSON key file
5 Encode it with Base64
6 Store it as a secret named GOOGLE_APPLICATION_CREDENTIALS
7 Add it to firebase-service-account-base64 input on the job

@

Clone this wiki locally