Do not commit your secret keys to git or use it on client side , Your key is not meant to be disclosed to anyone (public). Secret keys should only ever be used on the server. In a situation where your key is compromised, do generate a new key and replace it on your code immediately.