Hi everyone,

I couldn’t find clear documentation on handling JSON service account files for secrets management in Streamlit Community Cloud deployments. Since this is a common need, I want to share the working solution I found using TOML:

Problem: Streamlit Cloud’s secrets management relies on TOML format, but service accounts often provide credentials as JSON.

Solution:

1. Manual Conversion:

• Choose a section name in your secrets.toml file for example
  [GOOGLE_CREDENTIALS]
• Remove curly braces {} from your JSON.
• Convert commas to newlines.( Remove Commas after each key value pair)
• Replace JSON double quotes for keys with simple key names.
• Use = instead of colons :.

Example secrets.toml:

[GOOGLE_CREDENTIALS]
type = "service_account"
project_id = "gen-lang-client-1234567"
private_key_id = "123467876656"
# ... other keys

2. Accessing in Code:

import streamlit as st

google_credentials = st.secrets["GOOGLE_CREDENTIALS"] 
# Now use 'google_credentials' for authentication

Notes:

• Deployment: Place secrets.toml in your project’s root directory or use Streamlit Cloud’s UI for secrets.
• Security: Never commit secrets.toml to public repositories.

hi there i have tried a couple of diffrent ways but i cant get secrets.toml to work

[GOOGLE_CREDENTIALS]
type = "service_account"
project_id = "gen-lang-client-1234567"
private_key_id = "123467876656"
# ... other keys

and all i am getting : Authentication error: (‘invalid_grant: Invalid JWT Signature.’, {‘error’: ‘invalid_grant’, ‘error_description’: ‘Invalid JWT Signature.’})

this is my implementation

import json
import streamlit as st
import firebase_admin

from firebase_admin import credentials, auth
from pprint import pprint 

# Function to initialize Firebase app
def initialize_firebase():
    credentials = st.secrets["GOOGLE_CREDENTIALS"]
    cred = credentials.Certificate(credentials)
    firebase_admin.initialize_app(cred)

could you share some light here