What steps should I take to protect my Google Maps API Key?

Question

I have obtained a Google Maps API key for my domain.

The examples provided when I obtained my key show the key embedded in request parameters, for example:

Answer 1

Though this question is a few years old it's a very good one. As I understand it exposing API keys, even if they are domain matched, could still lead to abuse. There's a post on Security Stack Exchange here that covers this in more detail.

The steps that you can take to avoid potential abuse have been published by Google here:

Best Practice Guide for securely using APIs: https://support.google.com/cloud/answer/6310037?hl=en

Though I would recommend taking all of it on board, there is an approach that would deal with the specific example that was posted by Brabster and that's to store the key in an environment variable. This way all you need to do is to substitute the key for a server-side variable that is stored within your project. However, be sure not to commit the file that stores the key to a public repository.