PubNub Access Manager
There is no absolute way to hide your keys, but you can control how authenticated users access your keys. PubNub Access Manager provides you with the means to implement the permissions granted to the auth key for channels that the end user will need to receive (publish, subscribe, etc.).
Permissions are read (subscribe and request), write (publish and update) and manage (add channels to channel groups). You will grant these permissions for each channel and group of channels with which the end user will have to work, and the authorization key that you provide to the end user will be a parameter in the PubNub initialization, which will be passed to PubNub with each end-user invoked by the PubNub operation.
The aforementioned bit is a bit high, but this is a thorough discussion about key hiding / access control between Stephen Blum (@PubNub) and Phil Lagetter (@leggetter) - both respected and outstanding thinkers in the real-time data network space, among other areas.