To properly manage (hide) a secret, e.g. an API key, in colab, one can use GCP’s Secret Manager. Here are some instructions, borrowed from this stackoverflow answer:

  1. Enable “Secret Manager API” for the project on market place: https://console.cloud.google.com/marketplace/product/google/secretmanager.googleapis.com
  2. Create a secret in “Secret Manager”: https://console.cloud.google.com/security/secret-manager
  3. Copy the resource name from the console copy-resource-name
  4. Access the resource key using the python script below 
    !pip install google-cloud-secret-manager

from google.cloud import secretmanager
client = secretmanager.SecretManagerServiceClient()
resource_name = "xxxxxxx"  # String copied from above
response = client.access_secret_version(request={"name": resource_name})
OPENAI_API_KEY = response.payload.data.decode('UTF-8')