API Connector Secret Key Secure

Hey. I have a project that uses a secret key via API to manage all user accounts in an external database.

I have a lot of user frontend workflows, and almost every one uses this dynamic secret key.

If I request it through the API Connector via the Custom Token authorization function, will it be client safe? Can the user somehow get access to this key?

It is very important that the user cannot access this key, because otherwise he will be able to manage all the accounts of all users.