Menu
I've just opened a Firebase Cloud Messaging project intended for Android push messages.
The gear icon shows one server key (obfuscated here for obvious reasons):
I would like to have more than one key, so I can distribute them to servers and developers and revoke compromised keys if necessary.
How do I manage (add and delete) server keys in Firebase?
677
In the Firebase console, open Settings > Service Accounts. Click Generate New Private Key, then confirm by clicking Generate Key. Securely store the JSON file containing the key.
What is an FCM Key and why do I need one? Firebase Cloud Messaging or FCM is a service that allows you to send web push notifications using VWO Engage (formerly PushCrew or any other platform).
If you go to https://console.cloud.google.com/apis/credentials and select the Android key (auto created by Firebase) , then you will see an Application Restrictions section. You need to pick the Android Apps option and add an entry for each application id / Keystore SHA1 of your app.
You can always restrict you firebase project keys to domains / IP's. select your project Id and key and restrict it to Your Android/iOs/web App.
Update:
As of the moment, the way it should be done in order to generate a new Server Key, as stated in the docs:
Starting from Sept. 2016 new server key can only be created in the Firebase Console using the Cloud Messaging tab of the Settings panel. Existing projects that need to create a new server key can be imported in the Firebase console without affecting their existing configuration.
For the project migration steps, see my answer here.
For generating Server Keys, there is no way to generate one in the Firebase Console. It can be done via the Google Developers Console:
Steps retrieved from my answer here
After you select API Key, it will directly create an API key without asking what type of key (Server, Android, Browser, iOS) it is. It will only allow you to set some Restrictions that was visible depending on which API Key you intend to generate.
By default, the key generated has No Restrictions, this makes a key vulnerable, that's why it is highly encouraged for you to add a restriction for your API key. In this case, since you are using it for FCM (Server Key is needed), you must add an IP Address restriction and only allow specific server IP addresses.
With that said, I don't know how you plan to integrate multiple server keys to a single Firebase Project though. Why not just make use of the IP Addresses restriction and remove the server IP address that are deemed compromised?
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
