Always use environment variables. They are probably the best way to safeguard your API keys.
I've always wondered the proper way to deal with this, and this makes total sense. How would you typically set such an environment variable? In bash init?
I’ve had good luck with foreman [0] (if you’re happy with Ruby). Create a .env file in your project root with your variable pairs and foreman makes them available inside your app. Then you just need to make sure .env is in your .gitignore and you’re happy.