From c69d453db4a1edd4232b0e7340be662a9aef4d3d Mon Sep 17 00:00:00 2001
From: Kevin Cheung <kevincheung@google.com>
Date: Mon, 1 Jul 2024 11:53:53 -0700
Subject: [PATCH 1/2] Tweaks and corrections to cloud secrets info

---
 docs/firebase.md | 84 +++++++++++++++++++++++++++++++++++-------------
 1 file changed, 62 insertions(+), 22 deletions(-)

diff --git a/docs/firebase.md b/docs/firebase.md
index a82c4c79a..828e28a51 100644
--- a/docs/firebase.md
+++ b/docs/firebase.md
@@ -64,20 +64,46 @@ deploying the default sample flow to Firebase.
       1.  [Generate an API key](https://aistudio.google.com/app/apikey) for the
           Gemini API using Google AI Studio.
 
-      1.  Set the `GOOGLE_GENAI_API_KEY` environment variable to your key:
+      1.  Store your API key in Cloud Secret Manager:
 
           ```posix-terminal
-          export GOOGLE_GENAI_API_KEY=<your API key>
+          firebase functions:secrets:set GOOGLE_GENAI_API_KEY
           ```
 
+          This step is important to prevent accidentally leaking your API key,
+          which grants access to a potentially metered service.
+
+          See [Store and access sensitive configuration information](https://firebase.google.com/docs/functions/config-env?gen=2nd#secret-manager)
+          for more information on managing secrets.
+
       1.  Edit `src/index.ts` and add the following after the existing imports:
 
-      <!--See note above on prettier-ignore -->
-      <!-- prettier-ignore -->
-      ```js
-      import {defineSecret} from "firebase-functions/params";
-      defineSecret("GOOGLE_GENAI_API_KEY");
-      ```
+          <!--See note above on prettier-ignore -->
+          <!-- prettier-ignore -->
+          ```js
+          import {defineSecret} from "firebase-functions/params";
+          const googleAIapiKey = defineSecret("GOOGLE_GENAI_API_KEY");
+          ```
+
+          Then, in the flow definition, declare that the cloud function needs
+          access to this secret value:
+
+          <!--See note above on prettier-ignore -->
+          <!-- prettier-ignore -->
+          ```js
+          export const menuSuggestionFlow = onFlow(
+            {
+              name: "menuSuggestionFlow",
+              // ...
+              httpsOptions: {
+                secrets: [googleAIapiKey],  // Add this line.
+              },
+            },
+            async (subject) => {
+              // ...
+            }
+          );
+          ```
 
       Now, when you deploy this function, your API key will be stored in
       Cloud Secret Manager, and available from the Cloud Functions
@@ -93,19 +119,6 @@ deploying the default sample flow to Firebase.
           page, ensure that the **Default compute service account** is granted
           the **Vertex AI User** role.
 
-      1.  **Optional**: If you want to run your flow locally, as in the next
-          step, set some additional environment variables and use the
-          [`gcloud`](https://cloud.google.com/sdk/gcloud) tool to set up
-          application default credentials:
-
-          ```posix-terminal
-          export GCLOUD_PROJECT=<your project ID>
-
-          export GCLOUD_LOCATION=us-central1
-
-          gcloud auth application-default login
-          ```
-
     The only secret you need to set up for this tutorial is for the model
     provider, but in general, you must do something similar for each service
     your flow uses.
@@ -120,7 +133,9 @@ deploying the default sample flow to Firebase.
       {
         name: "menuSuggestionFlow",
         // ...
-        httpsOptions: {cors: true}, // Add this line.
+        httpsOptions: {
+          cors: true,  // Add this line.
+        },
       },
       async (subject) => {
         // ...
@@ -133,6 +148,31 @@ deploying the default sample flow to Firebase.
 
 1.  **Optional**: Try your flow in the developer UI:
 
+    1.  Make API credentials available locally. Do one of the following,
+        depending on the model provider you chose:
+
+        - {Gemini (Google AI)}
+
+          Set the `GOOGLE_GENAI_API_KEY` environment variable to your key:
+
+          ```posix-terminal
+          export GOOGLE_GENAI_API_KEY=<your API key>
+          ```
+
+        - {Gemini (Vertex AI)}
+
+          Set some additional environment variables and use the
+          [`gcloud`](https://cloud.google.com/sdk/gcloud) tool to set up
+          application default credentials locally:
+
+          ```posix-terminal
+          export GCLOUD_PROJECT=<your project ID>
+
+          export GCLOUD_LOCATION=us-central1
+
+          gcloud auth application-default login
+          ```
+
     1.  Start the UI:
 
         ```posix-terminal

From c50f3314abd5ccb5a0a3466654c40743ca9db83b Mon Sep 17 00:00:00 2001
From: Kevin Cheung <kevincheung@google.com>
Date: Mon, 1 Jul 2024 11:57:11 -0700
Subject: [PATCH 2/2] li

---
 docs/firebase.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/firebase.md b/docs/firebase.md
index 828e28a51..e3bf3076c 100644
--- a/docs/firebase.md
+++ b/docs/firebase.md
@@ -181,7 +181,7 @@ deploying the default sample flow to Firebase.
         genkit start
         ```
 
-    2.  In the developer UI (http://localhost:4000/), run the flow:
+    1.  In the developer UI (http://localhost:4000/), run the flow:
 
         1.  Click **menuSuggestionFlow**.