diff --git a/.envrc-push-gateway.local.template b/.envrc-push-gateway.local.template
index bf8a697c98cea38107734626c44ef82d5cab9b4b..33ce292960747a3bc52dd21a4b8e014fa62bcb3e 100644
--- a/.envrc-push-gateway.local.template
+++ b/.envrc-push-gateway.local.template
@@ -1,10 +1,9 @@
 # ========= SYGNAL PUSH GATEWAY CONFIGURATION =========
 export SYGNAL_CONF=/data/sygnal.yaml
 
-# API key for Firebase Cloud Messaging
-export HOLI_CHAT_PUSH_GATEWAY_FCM_API_KEY=
-
 export APNS_KEYFILE=/data/apns_keyfile_staging.p8
 export APNS_KEY_ID=
 export APNS_TEAM_ID=
-export APNS_TOPIC=
\ No newline at end of file
+export APNS_TOPIC=
+
+export FCM_KEYFILE=
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index ff34c9fe7660f822049598ce67733857a42dee0e..24d97a8f28d50ac577e7120bf92567eb4803ae92 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ apns-test/node_modules/
 data-push-gateway/apns_keyfile_staging.p8
 apns-test/apns_keyfile_staging.p8
 .idea/
+data-push-gateway/fcm_keyfile.json
diff --git a/data-push-gateway/sygnal.yaml.template b/data-push-gateway/sygnal.yaml.template
index 873b0333ec4217fa51d716581f40df33811d95e1..0ee2a4f86a3b753d0730ecc4d991aa8bccce5ded 100644
--- a/data-push-gateway/sygnal.yaml.template
+++ b/data-push-gateway/sygnal.yaml.template
@@ -207,7 +207,9 @@ apps:
   #
   social.holi:
     type: gcm
-    api_key: ${HOLI_CHAT_PUSH_GATEWAY_FCM_API_KEY}
+    api_version: v1
+    project_id: holi-shared
+    service_account_file: ${FCM_KEYFILE}
   #
   #  # This is the maximum number of connections to GCM servers at any one time
   #  # the default is 20.
diff --git a/terraform/environments/deployment_push_gateway.tf b/terraform/environments/deployment_push_gateway.tf
index 2311c79fd873b8891114e6b3e47bb8a7e9acb362..411f6ee083ec5a4d0984900ff0317a6abb886143 100644
--- a/terraform/environments/deployment_push_gateway.tf
+++ b/terraform/environments/deployment_push_gateway.tf
@@ -28,6 +28,16 @@ resource "google_cloud_run_service" "chat_push_gateway" {
           }
         }
       }
+      volumes {
+        name = "fcm_keyfile"
+        secret {
+          secret_name = local.environment_name == "production" ? "FCM_KEYFILE_PRODUCTION" : "FCM_KEYFILE_STAGING"
+          items {
+            key  = "latest"
+            path = "fcm-keyfile.json" # relative to mount_path in volume_mounts
+          }
+        }
+      }
       containers {
         image = "${data.terraform_remote_state.holi_infra_state.outputs.artifact_registry_location}/holi-chat-push-gateway:${var.image_tag}"
         ports {
@@ -37,6 +47,10 @@ resource "google_cloud_run_service" "chat_push_gateway" {
           mount_path = "/apns"
           name       = "apns_keyfile"
         }
+        volume_mounts {
+          mount_path = "/fcm"
+          name       = "fcm_keyfile"
+        }
         # TODO consider adding resource limits
         env {
           name = "HOLI_CHAT_PUSH_GATEWAY_FCM_API_KEY"
@@ -47,6 +61,10 @@ resource "google_cloud_run_service" "chat_push_gateway" {
             }
           }
         }
+        env {
+          name  = "FCM_KEYFILE"
+          value = "/fcm/fcm-keyfile.json" # see volume_mounts and volumes
+        }
         env {
           name  = "APNS_KEYFILE"
           value = "/apns/apns-keyfile.p8" # see volume_mounts and volumes