Looking at the developers guide for the Google Maps Javascript API v3 it explains first about how to obtain an API, then shows examples of including that key in the HEAD sec
What Frazell says is correct. When you receive your API key, on the right is an 'Edit allowed referers...' link that pops up an option to allow the websites you want to show your map on. If you leave this blank you are allowing any, but if you set, let's say, http://yourdomain.com, only that domain can display the map.
No secrets here. When the key is generated it is associated with your domain name, so the key will not work on someone else's site anyway. It's yours and yours alone.
(I agree with Marc's comment)
You should keep your API key private and not share it publicly, via GitHub or any other means. You can place it in a configuration file that loads the value in later and keep that file outside of GitHub, for instance.
According to http://code.google.com/apis/maps/signup.html, version 3 does not need a key. "The Google Maps Javascript API Version 2 has been officially deprecated as of May 19, 2010. Version 3 does not require an API key."
V3 doesn't require a key, but there are some benefits to using one.
Note first off that this key is different than the old V2 key. It's generated from the APIs console (http://code.google.com/apis/console). You pass it the same way, with a key parameter when loading the JS.
Benefits of having a key include usage reports in the console, and a way for Google to contact you if you're going over the quota regularly. You can also purchase additional quota through the console. Finally, if you're using the Places API, it requires the use of a key.
You can set allowed referrers, so that your key can't be used by others.
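Added example, not part of any answer in this thread: one way to follow the advice above about keeping the key in configuration outside the repository and passing it as the key parameter when the page is rendered, plus a pre-commit style check for keys pasted directly into markup. The names MAPS_API_KEY, loadMapsKey, mapsScriptTag and findHardcodedKeys are assumptions made for illustration, and the sample key is constructed.

```javascript
// Added example; not code from the thread or from Google.
const MAPS_LOADER = 'https://maps.googleapis.com/maps/api/js';

// Read the key from the environment (or an object parsed from a config file
// kept out of version control) instead of hardcoding it in the template.
function loadMapsKey(env) {
  const key = (env.MAPS_API_KEY || '').trim();
  if (!key) throw new Error('MAPS_API_KEY is not set');
  if (!/^[A-Za-z0-9_-]+$/.test(key)) {
    throw new Error('MAPS_API_KEY contains unexpected characters');
  }
  return key;
}

// Build the <script> tag for the HEAD section, with the key as the `key`
// query parameter of the loader URL.
function mapsScriptTag(key) {
  const src = `${MAPS_LOADER}?key=${encodeURIComponent(key)}`;
  return `<script src="${src}"></script>`;
}

// Pre-commit check: report lines where a literal key is passed to the loader.
// Template placeholders such as {{ maps_key }} are not flagged.
function findHardcodedKeys(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    const m = /maps\/api\/js\?[^"'\s]*\bkey=([A-Za-z0-9_-]{20,})/.exec(line);
    // Report only a short prefix so the scanner output does not leak the key.
    if (m) hits.push({ line: i + 1, keyPrefix: m[1].slice(0, 4) + '...' });
  });
  return hits;
}

// Constructed sample input: one hardcoded (fake) key, one template placeholder.
const FAKE_KEY = 'EXAMPLE_KEY_not_real_0123456789';
const sample = [
  `<script src="${MAPS_LOADER}?key=${FAKE_KEY}"></script>`,
  `<script src="${MAPS_LOADER}?key={{ maps_key }}"></script>`,
].join('\n');

console.log(mapsScriptTag(loadMapsKey({ MAPS_API_KEY: FAKE_KEY })));
console.log(findHardcodedKeys(sample));
```

The key still reaches the browser in the script URL, so the allowed-referrers setting described above remains the control that limits its use on other sites.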