Firebase Setup Guide
Connect SCBE to Firebase Firestore for persistent audit logs, trust history, and alerts.
Quick Setup (5 minutes)
Step 1: Create Firebase Project
- Go to Firebase Console
- Click “Create a project”
- Name it scbe-governance (or your preference)
- Disable Google Analytics (optional for this use case)
- Click “Create project”
Step 2: Enable Firestore
- In Firebase Console, click “Build” → “Firestore Database”
- Click “Create database”
- Choose “Start in production mode”
- Select your region (e.g., us-central1)
- Click “Enable”
Step 3: Get Service Account Key
- Click the gear icon → “Project settings”
- Go to “Service accounts” tab
- Click “Generate new private key”
- Download the JSON file
- Keep this file secure - it grants full database access
Step 4: Configure SCBE
Option A: Environment Variable (Recommended)
# Point to your downloaded JSON file
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your-firebase-key.json"
# Start the API
python -m uvicorn api.main:app --port 8080
Option B: Inline JSON (for Docker/Serverless)
# Paste the entire JSON content
export FIREBASE_SERVICE_ACCOUNT_KEY='{"type":"service_account","project_id":"..."}'
# Start the API
python -m uvicorn api.main:app --port 8080
Verify Connection
# Check health endpoint
curl http://localhost:8080/v1/health
Expected response:
{
  "status": "healthy",
  "version": "1.0.0",
  "checks": {
    "api": "ok",
    "pipeline": "ok",
    "firebase": "connected"
  }
}
Firestore Collections
SCBE creates these collections automatically:
| Collection | Purpose | Retention |
|---|---|---|
| scbe_audit_logs | Immutable decision records | Configure in Firebase |
| scbe_trust_history | Agent trust scores over time | 90 days recommended |
| scbe_agents | Registered agent registry | Permanent |
| scbe_alerts | Alerts for webhooks/Zapier | 30 days recommended |
Security Rules (Production)
Update Firestore security rules for production:
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Only allow server-side access (service account)
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
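This blocks all client-side (web and mobile SDK) access. Requests made with the service account through the Admin SDK are not evaluated against security rules, so only your API server can read/write.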
Cost Estimation
Firebase free tier includes:
- 50K reads/day
- 20K writes/day
- 1 GB storage
For a pilot with ~1000 decisions/day:
- Reads: ~3000/day (well under limit)
- Writes: ~2000/day (well under limit)
- Cost: $0/month on free tier
Troubleshooting
“Firebase credentials not configured”
# Check if environment variable is set
echo "$GOOGLE_APPLICATION_CREDENTIALS"
# Or check inline config
echo "$FIREBASE_SERVICE_ACCOUNT_KEY" | head -c 50
“Permission denied”
- Check Firestore is enabled in Firebase Console
- Verify service account has “Cloud Datastore User” role
- Check the JSON key file is valid
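A pre-flight check for the "JSON key file is valid" item and for Step 3's "keep this file secure", covering both Option A and Option B. This is an added example, not part of SCBE; the function names are hypothetical, and the required-field list and the 600 file mode are assumptions based on the standard Google service account key format.

```python
import json
import os
import stat

# Fields every Google service account key file carries (assumed minimum set).
REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email")

def check_key_text(text):
    """Return a list of problems found in service account key JSON text."""
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if not key.get(f)]
    if key.get("type") and key["type"] != "service_account":
        problems.append(f"type is {key['type']!r}, expected 'service_account'")
    pem = str(key.get("private_key") or "")
    if pem and not pem.startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM private key block")
    return problems

def check_key_file(path):
    """Check the permissions and the content of a key file on disk."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    except OSError as exc:
        return [f"cannot read {path}: {exc.strerror}"]
    problems = []
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"mode {mode:03o} lets group/other access the key; use 600")
    return problems + check_key_text(text)

def check_environment(env=os.environ):
    """Check whichever of the guide's two credential options is configured."""
    if env.get("GOOGLE_APPLICATION_CREDENTIALS"):
        return check_key_file(env["GOOGLE_APPLICATION_CREDENTIALS"])
    if env.get("FIREBASE_SERVICE_ACCOUNT_KEY"):
        return check_key_text(env["FIREBASE_SERVICE_ACCOUNT_KEY"])
    return ["neither credential variable is set"]

if __name__ == "__main__":
    # Reports problems only; never prints any part of the key itself.
    for problem in check_environment():
        print("PROBLEM:", problem)
```

Run it in the same shell that starts the API; no output means the configured credential passed every check.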
“firebase_admin not found”
pip install firebase-admin google-cloud-firestore
Next Steps
- Zapier Integration - Connect alerts to Slack/Email
- Monitoring Setup - Grafana dashboards