Nandhakumar's Display Picture


Jun 9, 2023

4 min read

Storing and Using Google Service Account Keys as Environment Variables



#environment variables

Storing and Using Google Service Account Keys as Environment Variables

Hi There! 👋

Many cloud-based services, including Google Cloud Platform, use JSON-format service account keys to authenticate applications. These keys are required when accessing the cloud services for validation purposes. In such cases, storing these keys as an environment variable can be a viable solution as we don’t want to expose it.

In this blog post, I will guide you through the process of converting your Google service account keys into a string, setting it as an environment variable, and using it in your application.

Step 1: Converting Google Service Account Keys to a String

We will be using handlebars for templating and @sendgrid/mail to send emails. You can install these packages using the following command:

npm install handlebars @sendgrid/mail

Step 2: Setting Up Handlebars Templates

Google service account keys are typically provided as a JSON file. This file needs to be converted to a Base64 string, which can be done with different command-line utilities depending on your operating system.

For Unix-like Systems (Linux, MacOS):

Use the cat command in combination with base64:

cat service_account.json | base64

This will print out a long string of characters - your Base64-encoded service account keys.

For Windows Systems:

Use the certutil command to achieve the same result:

certutil -encode service_account.json service_account.base64 && findstr /v /c:- 
service_account.base64 > service_account_no_line_breaks.base64

Step 2: Setting the Environment Variable

Once you've got this Base64 string, you need to set it as an environment variable in your Node.js environment.

For Local Testing:

You can set environment variables directly in the terminal before you start your Node.js server:

export GOOGLE_KEYS="your-base64-string"

For Server Deployment:

If you're deploying to a server or a serverless environment, the way you set environment variables will depend on your provider. Be sure to consult their documentation for more detailed instructions.


If you are storing environment variables in a file like .env instead of storing it directly into server or local system environment, using dotenv library you can access the environment variables.

Make sure to mention that the .env file should be added to .gitignore to prevent it from being uploaded to public repositories, for security reasons.

Step 3: Using the Environment Variable in Your Code

With the environment variable set, you can access it in your code. By decoding the Base64 string back into its original format and parsing it as JSON, you will have access to your Google Service Account keys:

const GoogleServiceAccountKeys = JSON.parse(
  Buffer.from(process.env.GOOGLE_KEYS as string, "base64").toString()

Let's dive deeper into how this piece of code works,

Using Node.js and its built-in Buffer object to decode a base64 string stored in an environment variable and then parsing the resulting string as JSON. Here's what each part of the code is doing:

  • process.env.GOOGLE_KEYS as string: process.env is an object that holds the environment variables in Node.js. GOOGLE_KEYS is assumed to be one of these environment variables, and it's being treated as a string (as string). This environment variable is expected to hold a base64-encoded string representing the Google Service Account keys.
  • Buffer.from(process.env.GOOGLE_KEYS as string, "base64"): This is creating a new Buffer object from the GOOGLE_KEYS string, treating that string as base64-encoded data. Buffer is a global object in Node.js used to work with a sequence of binary data. The from method creates a new Buffer containing a copy of the provided data. In this case, it's creating a Buffer from the base64 string, effectively decoding the string from base64 back into its original form.
  • .toString(): This is converting the buffer back into a string. By default, toString() converts the buffer using the 'utf8' encoding, which is the most commonly used string encoding in JavaScript. As a result, you get the original JSON-formatted string that was encoded in the GOOGLE_KEYS variable.
  • JSON.parse(...): This is parsing the JSON-formatted string back into a JavaScript object. JSON.parse() is a standard JavaScript function that parses a string as JSON.
  • const GoogleServiceAccountKeys = ...: The resulting JavaScript object is being stored in a constant variable named GoogleServiceAccountKeys. which you can then use to authenticate your application with Google services.


Storing sensitive data like service account keys as environment variables provides security benefits and flexibility. Following this approach for your Google Service Account keys can make your application more secure and easier to deploy in various environments.

Thanks For Reading!

Hope you have learned something new today 😊.

I welcome your questions, feedback, and discussions on this topic. Don't hesitate to reach out if there's something you'd like to talk about.

If you find this post helpful Tweet this Post

Follow and connect with me on Twitter, Instagram, Email and LinkedIn for more interesting stuff like this.

Cheers ✌️