This repo demonstrates using a .env file for secrets in a Node.js app.
Create a .env file with:
API_KEY=yourkey
Then run:
node app.js
The secret is in a .env file, which is listed in .gitignore so it is not pushed to the repo. If someone clones the repo, they must create their own .env file.