API Key is a secret that you should properly protect. More specifically:
<ul>
 <li>API Keys should NOT be checked into code repository, especially public repos in GitHub</li>
 <li>API Keys should NOT be included in your client code, which is readable by public</li>
</ul>
Create-react-app has such a warning:
<blockquote>
 WARNING: Do not store any secrets (such as private API keys) in your React app!
 Environment variables are embedded into the build, meaning anyone can view them by inspecting your app's files.
</blockquote>
Since create-react-app generates a site that totally runs on client side, whichever way you choose, the API key will be exposed.
One solution is to serve that app with a backend (e.g. Express), as long as you do not enable Cross-Origin Resource Sharing (CORS) on the backend, only the frontend app can communicate to the backend; then use API Key in backend to talk to an internal API/API Gateway, or 3rd party APIs.

How to safely store API Keys

Google Ads vs Google Marketing Platform vs Google Ad Manager vs AdSense vs AdMob

Life of an Ad Request

Ads - Random Notes

Ads - Versus

Android - Concepts

Android - Overview

Android - Location

Android - Tools

Android - Trouble Shooting

Ansible Cheatsheet

awk Cheatsheet

Base64

Bash

Bazel Cheatsheet

HomeBrew Cheatsheet

Ceph Cheatsheet

Cilium Cheatsheet

containerd Cheatsheet

Containers Cheatsheet

crictl cheatsheet

cron Cheatsheet

CSS Cheatsheet

CSV Cheatsheet

curl Cheatsheet

Docker Cheatsheet

Git Cheatsheet

grep / egrep / fgrep Cheatsheet

Harbor Cheatsheet

Helm Cheatsheet

HTML Cheatsheet

CheatSheet of CheatSheets

Intellij Cheatsheet

jq Cheatsheet

JSON Cheatsheet

k9s Cheatsheet

kind Cheatsheet

kubectl Cheatsheet

Markdown Cheatsheet

Cheatsheets - MySQL

Cheatsheets - Networking

Cheatsheets - openssl

PostgreSQL Cheatsheet

RegEx Cheatsheet

sed Cheatsheet

Shell cheatsheet - Commands

Shell cheatsheet - Scripts

Shell cheatsheet - Shortcuts

Shell - Tips

Signals Cheatsheet

Cheatsheets - SQL

Cheatsheets - Terraform

Cheatsheets - tmux

Cheatsheets - Vim

vscode Cheatsheet

XML Cheatsheet

YAML Cheatsheet

yq Cheatsheet

Cloud - AWS

Google Cloud Platform

Hybrid Cloud

Cloud

Serverless

C++ Keywords - auto

C++ - Caveats

C++ - const vs constexpr vs consteval vs constinit

C++ - Containers

C++ Keywords - explicit

C/C++ - FAQ

C++ - Functions

C / C++

C++ Keywords

C++ - Language Concepts

C++ - lvalue vs rvalue vs xvalue vs prvalue vs glvalue

C / C++ - Memory Management

Modern C++

C++ - Numerics

C++ - Operators

Pointers vs References

Modern C++ - Smart pointers

C++ - Trouble Shooting

C / C++ - Type Casting

C++ - Versus

C++ Keywords - virtual

Least Frequently Used (LFU) Cache

Least Recently Used (LRU) Cache

Advanced Data Structures

List / Vector / Array

Big-O Complexity

Algorithm - Binary Search

Algorithm - Bipart

Collection Conversions

Data Compression

Hash

Heap / PriorityQueue

Data Structures and Algorithms