Jun 9, 2023
4 min read
Storing and Using Google Service Account Keys as Environment Variables
Hi There! 👋
Many cloud-based services, including Google Cloud Platform, use JSON-format service account keys to authenticate applications. These keys are required when accessing the cloud services for validation purposes. In such cases, storing these keys as an environment variable can be a viable solution as we don’t want to expose it.
In this blog post, I will guide you through the process of converting your Google service account keys into a string, setting it as an environment variable, and using it in your application.
Step 1: Converting Google Service Account Keys to a String
We will be using
handlebars for templating and
@sendgrid/mail to send emails. You can install these packages using the following command:
npm install handlebars @sendgrid/mail
Step 2: Setting Up Handlebars Templates
Google service account keys are typically provided as a JSON file. This file needs to be converted to a Base64 string, which can be done with different command-line utilities depending on your operating system.
For Unix-like Systems (Linux, MacOS):
cat command in combination with
cat service_account.json | base64
This will print out a long string of characters - your Base64-encoded service account keys.
For Windows Systems:
certutil command to achieve the same result:
certutil -encode service_account.json service_account.base64 && findstr /v /c:- service_account.base64 > service_account_no_line_breaks.base64
Step 2: Setting the Environment Variable
Once you've got this Base64 string, you need to set it as an environment variable in your Node.js environment.
For Local Testing:
You can set environment variables directly in the terminal before you start your Node.js server:
For Server Deployment:
If you're deploying to a server or a serverless environment, the way you set environment variables will depend on your provider. Be sure to consult their documentation for more detailed instructions.
If you are storing environment variables in a file like
.env instead of storing it directly into server or local system environment, using
dotenv library you can access the environment variables.
Make sure to mention that the
.env file should be added to
.gitignore to prevent it from being uploaded to public repositories, for security reasons.
Step 3: Using the Environment Variable in Your Code
With the environment variable set, you can access it in your code. By decoding the Base64 string back into its original format and parsing it as JSON, you will have access to your Google Service Account keys:
const GoogleServiceAccountKeys = JSON.parse( Buffer.from(process.env.GOOGLE_KEYS as string, "base64").toString() );
Let's dive deeper into how this piece of code works,
Using Node.js and its built-in Buffer object to decode a base64 string stored in an environment variable and then parsing the resulting string as JSON. Here's what each part of the code is doing:
process.env.GOOGLE_KEYS as string:
process.envis an object that holds the environment variables in Node.js.
GOOGLE_KEYSis assumed to be one of these environment variables, and it's being treated as a string
(as string). This environment variable is expected to hold a base64-encoded string representing the Google Service Account keys.
Buffer.from(process.env.GOOGLE_KEYS as string, "base64"): This is creating a new
Bufferobject from the
GOOGLE_KEYSstring, treating that string as base64-encoded data.
Bufferis a global object in Node.js used to work with a sequence of binary data. The
frommethod creates a new Buffer containing a copy of the provided data. In this case, it's creating a Buffer from the base64 string, effectively decoding the string from base64 back into its original form.
.toString(): This is converting the buffer back into a string. By default,
GoogleServiceAccountKeys. which you can then use to authenticate your application with Google services.
Storing sensitive data like service account keys as environment variables provides security benefits and flexibility. Following this approach for your Google Service Account keys can make your application more secure and easier to deploy in various environments.