[CharlieDigital]

Authentication and authorization: I hand it off to Firebase identity management. But you can also just issue your own JWTs. You can run full applications in GCR like KeyCloak or IdentityServer. But the Firebase identity solution is really good.

Example here: https://github.com/CharlieDigital/dn6-firebase

Persistent data: Firestore (or Supabase, Planetscale, or CockroachDB if you want relational). On other platforms, I've used Azure CosmosDB which has a pay-as-you-go model which is practically free for hobby/POC use cases.

Secrets: depends on how secret it is; actual keys go into secrets manager in GCP which integrates with Cloud Run. Otherwise, you can configure it as an environment variable.