Service Accounts

In order we can deploy a pipeline onto your Firebase or GCP project, you must grant us sufficient permissions to do so. The best and most secure way for you to grant us the permissions is to create a service account in your Google Cloud Platform console. Service account is a special type of Google account representing a non-human user that needs to access you project.

How to create a service account

Each pipeline has its own minimal set of permissions it needs.

  1. Choose a pipeline you want to deploy

  2. Log in into your GCP console

  3. Click on "CREATE SERVICE ACCOUNT" at the top of the page

  4. Set the account's name and description and click on "CREATE"

  5. Select the role according to pipeline's permissions and click "NEXT"

  6. Click on "CREATE KEY"

  7. Leave the option "JSON" selected and hit "CREATE"

Click on the "CREATE SERVICE ACCOUNT" button

Frequently Asked Questions

Q: How can I create the service account if I'm using Firebase, instead of Google Cloud Platform?

Even though you're interacting only with Firebase, under the hood your project is actually running on the Google Cloud Platform.

Q: Why do you need service account keys?

The service account keys you provide us is the only way how we can have an access to your Firebase or GCP account. We need this access in order to deploy the pipeline's code.

Q: Do you store the service account keys?

Yes. We have to store those keys in order to deploy new version of a pipeline every time you update it.

Q: Should I use separate service accounts for each account?

Ideally, yes. Using a different service account for each pipeline is the most secure way for you to make sure you aren't granting us more permissions than we really need. Nothing prevents you from using the same service account for each pipeline though.