Using environment variables for API KEY and PROJECT ID makes it not only secure but also easy for people who want to try out this project. There can be a .env.example file that has empty values for the environment variables. The person setting up the project can just run cp .env.example .env and fill in the appropriate values.
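The setup step described above can be wrapped so the copied file stays out of version control and unfilled values are caught before the project runs. This is an added example, not code from the project: the function names init_env and missing_keys are hypothetical, and it assumes .env.example holds plain KEY=value lines.

```shell
# Added example: bootstrap and validate a local .env from .env.example.
# Assumption: both files use plain KEY=value lines (no "export" prefix).

# init_env DIR: create DIR/.env from DIR/.env.example without clobbering an
# existing file, restrict it to the owner, and make sure git ignores it.
init_env() {
    dir=$1
    [ -f "$dir/.env.example" ] || { echo "missing $dir/.env.example" >&2; return 1; }
    if [ ! -e "$dir/.env" ]; then
        # umask 077 so the copy is never group/world readable, even briefly
        (umask 077 && cp "$dir/.env.example" "$dir/.env")
    fi
    chmod 600 "$dir/.env"
    # -x whole-line, -F literal: an entry such as ".env.example" does not count
    if ! grep -qxF '.env' "$dir/.gitignore" 2>/dev/null; then
        # add a newline first if the existing file does not end with one
        [ -n "$(tail -c 1 "$dir/.gitignore" 2>/dev/null)" ] && echo >> "$dir/.gitignore"
        printf '.env\n' >> "$dir/.gitignore"
    fi
}

# missing_keys DIR: print each key declared in .env.example that is absent or
# empty in .env, one per line; returns non-zero when at least one is missing.
missing_keys() {
    dir=$1
    missing=""
    for key in $(sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$dir/.env.example"); do
        # value = text after "KEY=" on the last matching line of .env
        value=$(sed -n "s/^$key=//p" "$dir/.env" | tail -n 1)
        # a pair of empty quotes counts as empty too
        case $value in ''|'""'|"''") missing="$missing $key" ;; esac
    done
    [ -z "$missing" ] && return 0
    echo "unset in .env:$missing" >&2
    printf '%s\n' $missing
    return 1
}
```

Run init_env . once after cloning, fill in the values, then call missing_keys . from a start script so the project refuses to run with an empty key.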