Firebase Admin SDK Credentials
RequiredLearn how to generate Firebase Admin SDK service account credentials for secure server-side database access.
Admin SDK Service Accounts
Firebase Admin SDK service accounts provide server-side access to your Firebase project with full administrative privileges. These credentials enable secure, programmatic access to Firestore databases without user authentication.
Understanding Firebase Admin SDK Service Accounts
The Firebase Admin SDK provides privileged access to Firebase services from your server environment. Unlike client SDKs that require user authentication, the Admin SDK uses service account credentials to authenticate with full administrative privileges.
Admin SDK Capabilities
- Read and write to Firestore databases
- Bypass Firestore security rules
- Access all collections and documents
- Perform administrative operations
Service Account Details
- Automatically created with each Firebase project
- Format: firebase-adminsdk-xxxxx@PROJECT_ID.iam.gserviceaccount.com
- Has full administrative privileges by default
- Managed through Firebase Console
Generating Admin SDK Credentials
Access Firebase Console
Navigate to the Firebase Console and select your project.
Navigate to Project Settings
Click the gear icon (⚙️) next to "Project Overview" in the left sidebar and select "Project settings".
Go to Service Accounts Tab
In the project settings, click on the "Service accounts" tab. You'll see the Firebase Admin SDK configuration section.
What you'll see: The Admin SDK service account email will be displayed, typically in the format: firebase-adminsdk-xxxxx@your-project-id.iam.gserviceaccount.com
Generate New Private Key
In the "Firebase Admin SDK" section:
- Ensure "Node.js" is selected as the Admin SDK configuration snippet
- Click the "Generate new private key" button
- A dialog will appear warning about the security of the private key
- Click "Generate key" to confirm
- A JSON file will automatically download to your computer
Verify Downloaded Credentials
Open the downloaded JSON file and verify it contains the required Admin SDK fields:
{
"type": "service_account",
"project_id": "your-project-id",
"private_key_id": "key-id-here",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhki...\n-----END PRIVATE KEY-----\n",
"client_email": "firebase-adminsdk-xxxxx@your-project-id.iam.gserviceaccount.com",
"client_id": "123456789012345678901",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-xxxxx%40your-project-id.iam.gserviceaccount.com",
"universe_domain": "googleapis.com"
}Key Fields Explanation:
- project_id: Your Firebase project identifier
- client_email: The Admin SDK service account email
- private_key: The RSA private key for authentication (keep this secure!)
- private_key_id: Unique identifier for this specific key
Admin SDK Permissions & Capabilities
✓ Full Firestore Access
- • Read from any collection or document
- • Write to any collection or document
- • Create, update, and delete data
- • Bypass all Firestore security rules
ℹ️ Additional Capabilities
- • Firebase Authentication user management
- • Firebase Cloud Messaging
- • Firebase Remote Config
- • Google Cloud services (where enabled)
⚠️ Security Considerations
- • Admin SDK bypasses all client-side security rules
- • Has the same privileges as a project owner
- • Can access all data regardless of user permissions
- • Should only be used in trusted server environments
Connecting to Firebase Schema Viewer
- ✓Automatically extracts all required fields
- ✓Eliminates typing errors in private key
- ✓Validates JSON structure before processing
- ✓Faster setup process
- ℹ️Copy individual fields from the JSON file
- ℹ️Useful in corporate environments with strict upload policies
- ℹ️Requires careful handling of the private key
Security Best Practices
- 🚫Never commit credentials to version control (Git, SVN, etc.)
- 🚫Never share the JSON file through email, chat, or public channels
- 🚫Never hardcode credentials in application source code
- ✓Store securely in password managers or encrypted storage
- ✓Rotate keys regularly (recommended every 90 days)
- ✓Use separate service accounts for different environments
- 👁️Monitor usage: Check service account activity in Firebase Console
- 🔄Key rotation: Generate new keys before old ones expire
- 🗑️Clean up: Delete unused service accounts and keys
- 📊Audit logs: Review access patterns in Google Cloud Console
Common Issues & Troubleshooting
Error: "Invalid service account credentials"
Cause: Malformed private key or corrupted JSON file
Solution: Download a fresh JSON file from Firebase Console. If manually entering, ensure the private key includes the complete content with proper line breaks.
Error: "Project not found"
Cause: Incorrect project ID or project access issues
Solution: Verify the project_id in your JSON matches your Firebase project exactly. Check that Firestore is enabled for the project.
Error: "Permission denied"
Cause: Service account lacks required permissions or has been disabled
Solution: Ensure the service account is active in Firebase Console. Admin SDK service accounts should have full permissions by default.
Error: "Key ID not found"
Cause: The private key has been deleted or rotated
Solution: Generate a new private key from the Firebase Console Service Accounts tab.