#Grish

hey there, this is good question but yes your key would be included in your client side code one way or another

Even if retrieved dynamically a user can inspect the network requests and access it

But this is expected and meant to be used client-side

https://developers.google.com/maps/documentation/javascript/get-api-key

This describes how you can restrict the referrer such that the key should only be usable on domains you control where you expect usage