Can Google Cloud Build Trigger Substitution Variables exposed publicly?

In order to build my NextJS app, my Firebase Private Key is required at build time. Google Cloud Build has a feature called Substituting variable values.

I would like to know if there is a risk of someone being able to access this key publicly?

That is to assume I didn't write code that accidentally exposes the key.

Solution

I suggest you use Secrets Manager to store your private key. You're still passing it as an environment variable, but it's being done securely rather than you explicitly passing it as an env var directly.

How can I work with FCM using Cloud Firestore?
Writing to FireStore - how to show error when fails (if no network)
Build falied after flutterfire is configured
java.lang.IllegalAccessError: superclass access check failed: class org.jetbrains.kotlin.kapt3.base.javac.KaptJavaCompiler?
Android Firestore query paging FirebaseFirestoreException: INVALID_ARGUMENT
How can I shut down the local firebase emulators?
Flutter: include of non-modular header inside framework module 'firebase_core.FLTFirebasePlugin'
Error: RangeError [ERR_BUFFER_OUT_OF_BOUNDS] when Fetching Document from Firestore
Error: Failed to get Firebase project project-name. Please make sure the project exists and your account has permission to access it
suspend function returning too early
Why is the Payload Null in My Redux Action?
Firebase - Multi-location updates method deprecated, what now?
How to Detect User First Time Logging in Firebase on Web App Javascript
Firebase - Check if it's the first time signing in
iOS Firebase Swift, using on OnDisconnect to monitor online status does not work
Access Firestore ID generator on the front end
Angular V18, SSR and requests to Firestore
Firebase Function using ffmpeg successful with emulator, out of memory when deployed
Android Firebase DataSnapshot class returning null to custom java object
app crash on FireBase FireStore connection
Flutter NSException: Configuration fails. It may be caused by an invalid GOOGLE_APP_ID in GoogleService-Info.plist or set in the customized options
Firebase Auth: Requests from this Android client application com.xxx are blocked
OTP SMS verification code request failed: unknown status code: 17499 BILLING_NOT_ENABLED
Using firebase with WatchKit
How do I find out what the current version of Firebase Tools is
DatabaseException: Failed to get FirebaseDatabase instance: Specify DatabaseURL within FirebaseApp or from your GetInstance() call
set timeout for firebase cloud function via console
FirebaseCommandException: An error occured on the Firebase CLI when attempting to run a command
React Native to firestore: Firestore (8.2.1): Connection WebChannel transport errored
CocoaPods could not find compatible versions for pod "Firebase/Core” | cloud_firestore, Flutter