Firebase Deploy Error: 'Changing secrets is not supported' when using separate projects with Stripe 'Run Payments with Stripe' extension

Question

I'm trying to setup multiple environments for my Vue / Firebase Project. I have two Firebase Projects 1.) Dev 2.) Prod The project utilizes Stripe Extension which pulls the API Key from an auto-generated file called: firestore-stripe-payments.env

which contains:

STRIPE_API_KEY=projects/${param:PROJECT_NUMBER}/secrets/firestore-stripe-payments-STRIPE_API_KEY-xxxx/versions/latest

Where xxxx is a random 4 character string.

That line pulls the value of the key from Google Secret Manager.

Let's say Dev is 'dddd' and Prod is: 'pppp'

The issue is that I can only define either:

firestore-stripe-payments-STRIPE_API_KEY-dddd

or

firestore-stripe-payments-STRIPE_API_KEY-pppp

At first I tried to create a new value within Google Secret Manager simply called:

firestore-stripe-payments-STRIPE_API_KEY

The thought was this should be a simple fix, and it would pull the associated API_KEY for the project currently being used.

but this causes the error:

Error: firestore-stripe-payments: Found 'projects/foo/secrets/firestore-stripe-payments-STRIPE_API_KEY/versions/latest' for secret param STRIPE_API_KEY, but this instance was previously using a different secret projects/fooo/secrets/firestore-stripe-payments-STRIPE_API_KEY-dddd.
Changing secrets is not supported. If you want to change the value of this secret, use a new version of projects/foo/secrets/firestore-stripe-payments-STRIPE_API_KEY-dddd.You can create a new version at https://console.cloud.google.com/security/secret-manager?project=fooo
Also, if there is a better place to ask this question please let me know, couldn't find the 'right' room

score 1 · Answer 1 · answered Jan 16 '23 at 09:52

For this scenario, could you include a separate env (env.dev) file using the following guidelines

.env                # loaded in all cases
.env.local          # loaded in all cases, ignored by git
.env.[mode]         # only loaded in specified mode
.env.[mode].local

For generating separate keys for each environment, I believe from your example you are using a single Stripe Extension on a single project.

Firebase Extensions can support multiple instances of an Extension per project, this will create a separate "dev" secret for you to use.

Additionally, a separate Firebase project with another "Stripe Extension" installation would be recommended to separate any concerns in development.

I have two seperate Firebase projects. However it becomes a challenge because when you install the stripe extension from the web interface it creates a 'firestore-stipe-payments.env' file which defines your STRIPE_API_KEY. However for each environment if I generate the key, it overwrites the firestore-stripe-payments.env file. This would be ok, if I could simply have the key named the same thing. Then it could pull from Google Secret Manager based on which project it currently is in. However I configure the extension it won't allow me to change the key — Tom M, Jan 16 '23 at 17:51

Firebase Deploy Error: 'Changing secrets is not supported' when using separate projects with Stripe 'Run Payments with Stripe' extension

1 Answers1