Connect firebase-admin-python securely via AWS s3 and AWS IAM role.

firebase_connect.py

import os
import firebase_admin
from firebase_admin import credentials
import boto3
from settings.local_settings import AWS_REGION, ENVIRONMENT
import json

firebase_config_file = 'app-admin-config-{}.json'.format(ENVIRONMENT)
firebase_admin_creds_file = 'app-admin-sdk-{}.json'.format(ENVIRONMENT)

current_dir = os.path.abspath(os.path.dirname(__file__))
files = [f for f in os.listdir(current_dir) if os.path.isfile(f)]

if firebase_config_file not in files and firebase_admin_creds_file not in files:
    s3 = boto3.resource('s3', region_name=AWS_REGION)
    bucket = s3.Bucket('app-s3-secrets')()

    firebase_config = json.loads(
        bucket.Object('app-admin-config-{}.json'.format(ENVIRONMENT)).get()['Body'].read())
    firebase_admin_creds = json.loads(
        bucket.Object('app-admin-sdk-{}.json'.format(ENVIRONMENT)).get()['Body'].read().decode())

class Firebase:
    @staticmethod
    def get_connection():
        cred = credentials.Certificate(firebase_admin_creds)
        return firebase_admin.initialize_app(cred, firebase_config)


app = Firebase.get_connection()

gistfile1.txt

Assumptions:
* AWS KMS keys in the same region as s3 bucket
* S3 bucket with AWS KMS key from above encrypting bucket
* IAM Role to access S3 & KMS
* Files saved in s3 bucket