Should google-services.json be synced in my team repository?

17,145 views
Skip to first unread message

Cláudio Bastos

unread,
Jul 13, 2016, 9:28:48 PM7/13/16
to Firebase Google Group
Hi guys.

I haven't found yet in documentation if google-services.json configuration file should be saved in my repository .
Should I create two separate files for debug and release build types and let only the debug one in sync with repo?

Could someone enlighten me?

Samuel Stern

unread,
Jul 14, 2016, 1:06:34 PM7/14/16
to Firebase Google Group
Hey Cláudio,

The general answer is yes, the google-services.json is safe to check in to your repo and is something that should be shared among engineers on your team.  The JSON file does not contain any super-sensitive information (like a server API key).  It does contain some information like your database URL, Android API key, and storage bucket.  These are not secrets, but if your security rules are not set up correctly an attacker could use them against you.  However since these values are also compiled into your APK as resources, the theoretical attacker would not need your JSON file to get these values anyway.

For a library or open-source sample we do not include the JSON file because the intention is that users insert their own to point the code to their own backend.  That's why you won't see JSON files in most of our firebase repos on github.

- Sam

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/1fd39d6b-4755-46d5-92b9-e601bc911afd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages