Typically there is no way to do it

But I think Google still uses this approach because actually, this file doesn't need to be secured, see the image attached below

So if someone can get it, no security leak -> no need to worry about this file

More details https://firebase.google.com/docs/projects/api-keys

If you would like to have more secure on firebase data access, refer to https://firebase.google.com/docs/projects/api-keys#apply-restrictions