Generic Secret

Audit that the reported secret is a real API key.

Remove the hardcoded API key from the source code or committed configuration file.

Follow your policy for handling leaked secrets, which typically require revoking the key in the target system(s).

If under a git repository, you may remove unwanted files from the repository history using tools like git filter-repo or BFG Repo-Cleaner. You may follow the procedure listed here for GitHub.