I’m working on a project that I want to open source, but it uses an API key that I want to keep hidden from untrusted parties. What’s best practice on how to do that? Google is really vague about “encrypting” it.