How to authenticate Google Cloud Services on Heroku for Node.js App

How to authenticate Google Cloud Services on Heroku for Node.js App

In this post, I will talk about how you can authorize various Google Cloud services such as datastore, cloud storage, BigQuery etc. on Heroku so that the production environment authenticates the request and serve what it is meant to do.

Hello, everyone. I have been developing web-based application for a few months now and I am particularly interested in Node.js web applications. Node.js is particularly beneficial as it has a non-blocking nature — meaning it’s async nature lets other functions run while a time-consuming process is still running.

I have little exposure to Postgresql, but as I am a new developer and NoSQL databases are getting more traction as time goes by, I’ve read and learned more about NoSQL databases such as MongoDB and Google Cloud Platform. I must say that these NoSQL databases are new beasts in storing user information and data.

Recently, I’ve developed a Node.js application using Google Cloud Platform. The default database GCP (Google Cloud Platform) offers is Google Datastore, a non-relational and schema-less database. I can say, this is a new beast in the world of databases and this is going to dominate for many years.

Why You Need to Authenticate Google Cloud Services on a Production Environment?

As you build an application, it needs to store various data and that’s why it needs a storage system. GCP offers some features (they call it Google Cloud Library) such as Google Datastore, Cloud Storage, BigQuery and so on. To develop an app and test it, you need to authorize your identification with an access token so GCP can verify that you are a valid user.

However, the authentication you do for your local environment (for example, the laptop you are using to develop and test the app) has nothing to do when you want to deploy the app. Once you are done with developing the app, you will want to deploy to a server so that people all over the world can access it through a specific URL. There are several options that can serve your application, and among those Heroku, and Digital Ocean, Linode are some of the popular one.

In this article, I will talk about how to set up authentication for GCP services on Heroku. I believe once you perfectly understand how to set up authentication for one production environment, it will be a no-brainer for others.

Setting Up Authentication

We will create a Service Account using GCP console, and download a JSON file containing a private key that will determine a valid identity. Finally, we will save the file on a specific directory of our application and set up an environment variable on Heroku.

Creating a Service Account

I will assume that you have a working Node.js application that you want to deploy on Heroku and set up necessary authentication. The first step is to create a service account.

Open up your GCP console and select the project that you want to create service account for. For this example, I choose a project called “Clean and Green”.

Choose the project for which you want set up authentication

Once the project dashboard is open, click the hamburger menu from top-left and click “APIs & Services”, then “Credentials”.

Click ‘APIs & Services’ and then ‘Credentials’

Click “Create credentials” and choose “Service account key” from the dropdown menu.

Create a Service account key

On the next page, choose “App engine default service account” from the dropdown and specify a JSON key type. Then click “Create”.

Create an app engine default service account in JSON format

This will create a service account key and download a JSON file containing the key to your machine.

The next step is to move the JSON file to your application directory. You can save it to the root directory of the application. I prefer to create a config directory and save it in that directory.

Save the file to config directory in your project

The final step is to set up an environment variable on Heroku.

How to Set Up Environment Variable on Heroku for Node.js Apps

We will deploy the app on Heroku using Git. Make sure your app resides on the master branch of a Git Repository. Now open a terminal and do

$ heroku create

This will create a random link ending with “” through which you’ll see your app.

$ git push heroku master

This command will push code from the master branch to Heroku. This may take a couple of minutes and you will see the progress of app deployment on the terminal. Ensure that at least one instance of the app is running.

$ heroku ps:scale web=1

Once the app is deployed successfully, we need to set up GOOGLE_APPLICATION_CREDENTIALS environment variable and point it to the path of the service account key. In our case it is ‘config/keyFile.json’.

$ heroku config:set GOOGLE_APPLICATION_CREDENTIALS=‘config/keyFile.json’

Once you’ve set up the environment variable to verify ownership and deployed the app successfully, you are ready to checkout your app by

$ heroku open

From now on, if you use the deployed version of your app to create users and other stuff that needs GCP services, GCP will be able to verify your account and thus, you will see generated data on GCP console.