I am planning to turn my private repo into public that uses Firebase services, is it safe to expose the google-services.json? I already restrict the API keys with my debug, release, and Play Store SHAs in the Google Cloud Console and Firebase Console. The debug.keystore and keystore.jks are stored as secured repository variable encoded as Base64 string then later decoded it to file in the CI CD pipeline. I can do the same approach with google-services.json but I read some Googlers saying that it is safe to be added in repository so I am thinking if it’s even necessary. Also upon checking Now in Android repository, they replace google-services.json content with placeholder thus makes me doubt that it is safe to expose despite the restriction made with the Google Cloud Console and Firebase Console.