I’m experiencing an issue with my Gemini API key when deploying an app built with Google AI Studio.
My application works perfectly inside the Google AI Studio preview environment. However, once I publish/deploy the app, the live version cannot access the Gemini API. The requests fail with a 403 Permission Error.
To troubleshoot, I have already tried the following:
Removed the existing API key and created a new one
Checked the API key restrictions carefully
Verified that the correct API key is being used in the deployed environment
Despite these steps, the deployed application still cannot reach the Gemini API, while the preview version inside AI Studio works without any problems.
Has anyone experienced a similar issue or knows what might cause this behavior?
I’m experiencing the same. I restored the app to a very old version and still the same. Something happened and the env variables are not been recognized or used after publishing.
AI Studio publish now overwrites the Gemini API key. You need to replace them manually, for now I hope. From the publish screen in AIS, select Manage in Google Cloud. Select ‘Edit and Deploy new revision’. In both containers (nginx and app) select the Variables and Secrets. In the Environment Variables your GEMINI_API_KEY value will probably be empty. Add your API key into the value box. Repeat for the app container, adding the API key value if missing, unless the value is stored as a secret, in which case do not add the key in the environmental variables. Press Deploy. I used Claude to guide me through this.
It needs to be repeated every time you publish until they fix it.
Didn’t fix it. Actually the correct keys were already set there for me too. What’s weird is that an old app I made is still working.
For the app that this error occurs for I literally made 0 changes, the api key just randomly stopped working.
If anything the new feature where you set the secrets via an AIStudio settings dropdown isn’t working, since the keys are NOT being updated in the google cloud control panel.
There appears to be a new hell inflicted on us . Today it is demanding that an API key is needed, even though the key is set. Fails on preview and published version, which was for last night.
Adding to this thread. Same issue, thoroughly tested.
App: 3-model pipeline built entirely in AI Studio Build mode. Gemini 3.1 Pro for photo analysis, Nano Banana 2 for album art generation, Lyria 3 Clip for music generation. Firebase backend (separate project for Firestore/Storage/Auth). Works flawlessly in Preview.
Published URL: 403 Forbidden on every Gemini API call.
What I’ve tried (all failed):
Fresh publish as pure SPA (no server.ts, no Express proxy)
Three different API keys (including brand new, freshly created)
Manual env var in nginx-container
Manual env var in both nginx-container and app-container
Secret Manager with Secret Accessor role on default compute service account
Multiple model swaps (gemini-3-flash-preview, gemini-2.5-flash)
What I can confirm:
Service Worker intercepts correctly and proxies through nginx
The proxy completes the round trip (Status: 403, not 404 or network error)
AI Studio does now inject the key into nginx-container env vars on publish (this was empty before, may have been fixed recently)
The key works in Preview with all three models
The 403 is coming from Google’s API, not from Cloud Run auth
Bug: AI Studio publish pipeline breaks app-container image, causing permanent 403 errors
Summary: Every time you republish an app from Google AI Studio to Cloud Run, the publish pipeline fails to build the app-container image, leaving it as (missing). This breaks the deployed app and cannot be fixed by redeploying from Cloud Run manually.
Source code is uploaded to GCS (gs://ai-studio-bucket-...)
Container image is never built from that source
app-container shows image as (missing) in Cloud Run
Attempting to manually redeploy gives error: spec.template.metadata.annotations[run.googleapis.com/sources]: Source annotation has sources that are not referenced by a container
App fails with 403 / “Gemini API Key is missing or invalid” because the Node.js backend is never actually running
Key finding: The nginx-container works fine and correctly reads the API key (logs show API KEY FOUND). The issue is not the API key — the app-container backend simply doesn’t exist because the image was never built.
Impact:
App is permanently broken after every republish from AI Studio
Cannot be fixed from Cloud Run console without the original working image URL
Rolling back to a previous revision is the only workaround
Makes the AI Studio publish feature essentially unusable for iterative development
Workaround: Roll back to the last working revision in Cloud Run → Revisions → Manage Traffic → 100% to last working revision.
Adding my experience here. I have also got 403 errors from a deployed app which runs fine in the Ai Studio Preview Environment.
I have noticed something between the deployed project that is not working, and an earlier project deployed before Google made various changes to the way AI Studio works.
In the project that works, deployed 11th Feb, under Source (in cloud run, services), it shows all the various files.
In the project that doesn’t work, it shows the following message under Source instead - “This service was deployed using a container image. There is no source code available to edit.”
Under “edit and deploy new version”, there are also a different number of variables between the 2. The project that works only has a single variable which is the API Key. The one that doesn’t work has 2 containers and 3 variables, including the key.
