The Firebase telemetry plugin requires a Google Cloud or Firebase project ID and application credentials.
If you don't have a Google Cloud project and account, you can set one up in the Firebase Console or in the Google Cloud Console. All Firebase project IDs are Google Cloud project IDs.
Enable APIs
Prior to adding the plugin, make sure the following APIs are enabled for your project:
These APIs should be listed in the API dashboard for your project. Click to learn more about how to enable and disable APIs.
User Authentication
To export telemetry from your local development environment to Firebase Genkit Monitoring, you will need to authenticate yourself with Google Cloud.
The easiest way to authenticate as yourself is using the gcloud CLI, which will automatically make your credentials available to the framework through Application Default Credentials (ADC).
If you don't have the gcloud CLI installed, first follow the installation instructions.
Authenticate using the
gcloudCLI:gcloud auth application-default loginSet your project ID
gcloud config set project PROJECT_ID
Deploy to Google Cloud
If deploying your code to a Google Cloud or Firebase environment (Cloud Functions, Cloud Run, App Hosting, etc), the project ID and credentials will be discovered automatically with Application Default Credentials.
You will need to apply the following roles to the service account that is running your code (i.e. 'attached service account') using the IAM Console:
roles/monitoring.metricWriterroles/cloudtrace.agentroles/logging.logWriter
Not sure which service account is the right one? See the Find or create your service account section.
Deploy outside of Google Cloud (with ADC)
If possible, use Application Default Credentials to make credentials available to the plugin.
Typically this involves generating a service account key and deploying those credentials to your production environment.
Follow the instructions to set up a service account key.
Ensure the service account has the following roles:
roles/monitoring.metricWriterroles/cloudtrace.agentroles/logging.logWriter
Deploy the credential file to production (do not check into source code)
Set the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable as the path to the credential file.GOOGLE_APPLICATION_CREDENTIALS = "path/to/your/key/file"
Not sure which service account is the right one? See the Find or create your service account section.
Deploy outside of Google Cloud (without ADC)
In some serverless environments, you may not be able to deploy a credential file.
Follow the instructions to set up a service account key.
Ensure the service account has the following roles:
roles/monitoring.metricWriterroles/cloudtrace.agentroles/logging.logWriter
Download the credential file.
Assign the contents of the credential file to the
GCLOUD_SERVICE_ACCOUNT_CREDSenvironment variable as follows:
GCLOUD_SERVICE_ACCOUNT_CREDS='{
"type": "service_account",
"project_id": "your-project-id",
"private_key_id": "your-private-key-id",
"private_key": "your-private-key",
"client_email": "your-client-email",
"client_id": "your-client-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "your-cert-url"
}'Not sure which service account is the right one? See the Find or create your service account section.
Find or create your service account
To find the appropriate service account:
- Navigate to the service accounts page in the Google Cloud Console
- Select your project
- Find the appropriate service account. Common default service accounts are as follows:
Firebase functions & Cloud Run
PROJECT ID-compute@developer.gserviceaccount.comApp Engine
PROJECT ID@appspot.gserviceaccount.comApp Hosting
firebase-app-hosting-compute@PROJECT ID.iam.gserviceaccount.com
If you are deploying outside of the Google ecosystem or don't want to use a default service account, you can create a service account in the Google Cloud console.