Google's world. They explicitly tell you that API keys are not secrets.

https://trufflesecurity.com/blog/google-api-keys-werent-secr...

API keys for Firebase. While Google really messed up here, I doubt they ever published anything claiming that no Google API keys at all are secrets.

▲

pwdisswordfishs 9 hours ago | parent [-]

Google Maps is not Firebase.

And "Firebase AI Logic" sure sounds like something easy to confuse with a Firebase service...

▲

lxgr 9 hours ago | parent [-]

The same principle applies, though.

I'm absolutely not defending Google here, to be clear: Retroactively expanding the scope of an API "key" explicitly designated as "public/non-sensitive" is very bad.

But the concept itself does make some sense, and I'm just noting that there's precedent both across Google and other companies.

	▲	pwdisswordfishs 9 hours ago \| parent [-]
		> The same principle applies, though. How? "Firebase AI Logic" Is this a Firebase service or not?