OpenAI will scan for leaked keys in client applications and code sites, and revoke the key if it is detected.
You must keep your API keys absolutely secret, and treat them like a bank account password.
Secure practice is to use an environment variable on a server or local machine completely under your control, never hard-coding a key value. The OpenAI library client is designed to look for and use OPENAI_API_KEY. This ensures your code itself is not a vulnerability.
You’ll have to generate a new API key if one that was active was removed. The API error would be about sending an invalid key, not exactly a “your account has no access” message.