Skip to Content

Cloud Firestore prerequisites


These are the prerequisites for using the Cloud Firestore connector with a Cloud Firestore instance:

Create a service account and grant roles

Follow these steps to create a service account and grant roles to provide access to the Google Cloud project to be used with the Cloud Firestore connector:

  1. Select a project in the Google Cloud Console.


    Ensure the Cloud Firestore API is enabled, and a database has been added for the selected project.

  2. In the navigation menu, navigate to IAM & Admin > Service Accounts.

  3. Click Create Service Account, located along the top of the page.

  4. Enter the Service account details:

    Service account details

    • Service account name: Enter any string for the service account name.

    • Service account ID: This field is automatically populated to match the Service account name and can be edited, if desired.

    • Service account description: Enter a description for the service account.

  5. Click Create and Continue.

  6. Assign a role to allow access to the project (required for a successful connection in the Cloud Firestore connector):

    Assign roles

    • Role: Using the menu, select the appropriate Firebase role or custom role for your use case, then click Continue.


      When using a custom role, you must have the firebase.clients.list permission assigned to that role. otherwise, the Cloud Firestore connection won't be successful.

      When using predefined Firebase roles, these are the role combinations that can be granted to the service account to allow access to each Cloud Firestore activity:

      Activity Cloud Firebase Roles
      Query Firebase Admin or
      Firebase Viewer
      Create Firebase Admin or
      Firebase Viewer
      Update Firebase Admin or
      Firebase Viewer
      Delete Firebase Admin or
      Firebase Viewer
  7. Optionally, grant access to the service account to specific users:

    Assign users

  8. Click Done.

Obtain credentials

Follow these steps to obtain the credentials required for connection configuration:

  1. On the Service accounts page, click the Actions menu for the service account created above, then click Manage keys.

  2. Click Add Key > Create new key, select JSON as the Key type, and then click Create to download the JSON file to your computer:

    Create key

  3. Open the downloaded JSON file in a text editor and retain the values of the project_id, client_email, client_id, private_key_id, and private_key to be used during connection configuration.