API keys are encrypted at rest. Only you can see whether they're set; the key itself is never returned.