GCP Secret Manager to get runtime environment credentials

db.ts

import {SecretManagerServiceClient} from '@google-cloud/secret-manager';
import * as admin from 'firebase-admin';

const client = new SecretManagerServiceClient();

let credentails: admin.app.App;

export const db = async (): Promise<admin.app.App> => {
    if (credentails) {
        return credentails;
    } else {
        const [version] = await client.accessSecretVersion({
            name: <resource_id>, // enter the copied resource id here
        });
        const result: any = JSON.parse(version.payload.data.toString());
        const params = {
            type: result.type,
            projectId: result.project_id,
            privateKeyId: result.private_key_id,
            privateKey: result.private_key,
            clientEmail: result.client_email,
            clientId: result.client_id,
            authUri: result.auth_uri,
            tokenUri: result.token_uri,
            authProviderX509CertUrl: result.auth_provider_x509_cert_url,
            clientC509CertUrl: result.client_x509_cert_url,
        };
        credentails = admin.initializeApp({
            credential: admin.credential.cert(params),
            storageBucket: `gs://${result.project_id}.appspot.com`,
        });
        return credentails;
    }
};