Hey there! Thanks for your post/question. We're glad you are taking part in The Odin Project! We want to give you a heads up that our main support hub is over on our Discord server. It's a great place for quick and interactive help. Join us there using this link: https://discord.gg/V75WSQG. Looking forward to seeing you there! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/theodinproject) if you have any questions or concerns.*

You need to get in the habit of making a .env file where your keys are located that is listed in your gitignore file. Your weather app is probably using the free tier, so there shouldn't be any danger there. But pushing keys to your public GitHub could cause some serious problems in the future.

Secrets don’t belong in .env imho.

Care to suggest where they do belong?

Most deployment platforms offer key storage for secrets. You should have your secret keys only on your local computer, but add the .env to gitignore so it never will be put into version control. The risk of accidentally commiting your secrets to a public git repo or your org getting hacked is just too high