Firebase service accounts on Node.js

Here's how to set up a service account to access your Firebase database in admin mode. It's quite disjointed in the docs, so here it is from start to finish.

The console

Just as with the Google developer console, there's a Firebase console. You create an application there first, and then get some credentials via the settings. It's in a funny place - top left corner under permissions.


That takes you over to the Google cloud console IAM section, and you need to create a service account.

I'm creating one that has admin access to my project.

And I'll need to make a new private key JSON file to download to my project.

Now we have a file downloaded that contains the key info for this service account, which has the authority to access admin for that Firebase project.

The Node.js code

Next, head over to your Node.js project. You're going to need firebase-admin.

npm install firebase-admin --save

Upload the file you downloaded from the console to your Node project. I usually rename keys and keep them in a private folder which I add to .gitignore. This way you don't accidentally publish your secrets to GitHub. I've moved the uploaded file there, and called it fbserviceaccount.json.
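A pre-flight check for the key file described above, as an added example that is not part of the original post. The helper names checkKeyFile and makeFixture are hypothetical, the fixture key is constructed and holds no real secret, and the .gitignore test is deliberately simplified to literal entries.

```javascript
// Added example, not the post's code; checkKeyFile and makeFixture are hypothetical helpers.
const fs = require("fs");
const os = require("os");
const path = require("path");

function checkKeyFile(projectDir, keyRelPath) {
  const keyPath = path.join(projectDir, keyRelPath);
  const problems = [];
  // 1. Must parse as a service-account key with the fields a credential needs.
  let key;
  try {
    key = JSON.parse(fs.readFileSync(keyPath, "utf8")) || {};
  } catch (err) {
    return ["cannot read key file: " + err.message];
  }
  if (key.type !== "service_account") problems.push("type is not service_account");
  for (const field of ["project_id", "client_email", "private_key"]) {
    if (typeof key[field] !== "string" || key[field] === "") problems.push("missing " + field);
  }
  // 2. POSIX only: any group/other permission bit exposes the key to other local users.
  if (process.platform !== "win32" && (fs.statSync(keyPath).mode & 0o077) !== 0) {
    problems.push("key file is accessible to group/other");
  }
  // 3. Literal .gitignore entries only (no globs or negation); `git check-ignore` is authoritative.
  const ignoreFile = path.join(projectDir, ".gitignore");
  const entries = !fs.existsSync(ignoreFile) ? [] :
    fs.readFileSync(ignoreFile, "utf8").split(/\r?\n/)
      .map((line) => line.trim().replace(/^\/+|\/+$/g, ""));
  const parts = keyRelPath.split(/[\\/]/).filter((p) => p !== "" && p !== ".");
  const prefixes = parts.map((_, i) => parts.slice(0, i + 1).join("/"));
  if (!prefixes.some((p) => entries.includes(p))) {
    problems.push("key path is not covered by .gitignore");
  }
  return problems;
}

// Constructed fixture: a throwaway project holding a fake key (no real secret).
function makeFixture(mode, ignoreText) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "fbkey-"));
  const keyFile = path.join(dir, "private", "fbserviceaccount.json");
  const fakeKey = { type: "service_account", project_id: "example-project",
    client_email: "sa@example.invalid", private_key: "PLACEHOLDER" };
  fs.mkdirSync(path.dirname(keyFile));
  fs.writeFileSync(keyFile, JSON.stringify(fakeKey));
  fs.chmodSync(keyFile, mode);
  fs.writeFileSync(path.join(dir, ".gitignore"), ignoreText);
  return dir;
}
console.log(checkKeyFile(makeFixture(0o644, "node_modules\n"), "private/fbserviceaccount.json"));
```

An empty array means the key file passed all three checks; the check can warn where git would not, because it does not interpret glob patterns.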

Now we can write some code. As usual I have a namespace to hold what I'll need, starting with the initialization.  

  var fb = require("firebase-admin");
  // ns is the namespace object; callers refer to it as FB
  var ns = {};
  var FB = ns;
  var app;
  ns.base = "/push";

  /**
   * initialize firebase with SA
   * @return {object} the namespace
   */
  ns.init = function() {

    app = fb.initializeApp({
      credential: fb.credential.cert(require("./private/fbserviceaccount.json")),
      databaseURL: "",
      databaseAuthVariableOverride: {
        uid: "zzzz"
      }
    });

    // set up things we'll need
    ns.db = app.database();
    ns.baseRef = ns.db.ref(ns.base);
    return ns;
  };


    app = fb.initializeApp({
      credential: fb.credential.cert(require("./private/fbserviceaccount.json")),
      databaseURL: "",
      databaseAuthVariableOverride: {
        uid: "zzzz"
      }
    });

  • The key file is passed as an argument to fb.credential.cert which will use that as the credential property to initializeApp.
  • I want to limit my access to the database to the minimum I need. Using databaseAuthVariableOverride allows me to set the node project as a particular user which I can then reference in my database rules. Back in the Firebase console under 'rules'...

I make an entry to match the uid I've chosen for my Node app, which will allow this app to write to the database, but everyone else who is authenticated just to read it.
  {
    "rules": {
      ".read": "auth != null",
      ".write": "auth.uid === 'zzzz'"
    }
  }

  • Finally, I'm only dealing with the /push section of my database with this app, so I set that up as the root reference for any reading and writing I'll be doing. 
And that's it - I can get things going like this

To test it, I'll create a method in my namespace for writing
  ns.set = function(key, value) {
    // write value under /push/<key> and resolve with the key that was written
    return ns.baseRef.child(key).set(value)
      .then(function() {
        return key;
      });
  };

And do a quick test
  FB.set("xliberation", {name: "blogpost", item: "test"})
    .then(function(e) {
      console.log('set', e);
    });

.. here we are
