The recommended way for dealing with secrets like passwords, API Keys etc. is to store them in AWS Secrets Manager and call the secrets manager from your lambda function to get the value of the secret. You can store the ARNs of the different secrets as environment variables and use the ARN to get the actual value of the secret from your code.
Secrets Manager docs - https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html
You can also find code samples in your language of choice here - https://docs.aws.amazon.com/code-samples/latest/catalog/welcome.html
You can use the Input Transformer to include the API Key only if it is part of the original event. Otherwise, the transformer has no way of getting it from anywhere.
If there a lot of API Keys and you add new ones from time to time or change the existing ones, I would not recommend using environment variables as each change requires re-deploying the function. Instead store the API keys in SSM, SecretsManager, DynamoDB or S3, and read them at function init time.
I understand your concern bout accessing all the keys when you only need one, but you will need to do that somewhere anyway, unless the API key is sent on the event itself.
Relevant questions
Should I create IAM role to allow AWS service send events to my default bus
asked 2 years agoHow to know if a CloudTrail event is a Management Event or Data Event?
Accepted Answerasked 4 months agoPass Cloudwatch Event Data to Lambda Function
asked 2 months agoInvoke a lambda function (cross account) from event bridge
Accepted Answerasked 8 months agoInjecting secret values into event bus event through input transformer. Safe or not?
Accepted Answerasked a month agoEventbridge Input Transformer example doesnt work
asked 3 months agoEventBridge input transformation between salesforce event to target API?
asked 4 months agoEventBridge max EventBuses on event path
Accepted Answerasked 3 months agoAWS Location Tracker - custom event-bus setting
asked 2 months agoHow To Detect BatchItemFailure support from Lambda SQS Event
asked 4 months ago