
Advocate-of-the-deviling re: don't bother encrypting them. Your argument is sound (the reasons why password encryption matters mostly don't apply to API keys), but there is a subtle advantage here: the amount of time it takes you to detect compromise isn't zero. Got a backup on a public S3 bucket? That's bad, but now at least you know you don't have to audit every user action, too. Since they're already high-entropy they can't be enumerated so you don't have to use an expensive KDF like scrypt or bcrypt, and you can get away with just a hash or a regular KDF. (Doesn't hurt to use scrypt though.)

Just to keep myself honest: I'm aware that HMACing with the API key (a suggestion I defended in a different comment) and storing the API key with a KDF are mutually exclusive, and that might seem like I'm giving contradictory advice. My specific recommendation is still to just use API keys stored plaintext server side, just like 'tptacek is. I'm just saying that these alternative suggestions aren't silly.

TL;DR: plaintext API keys are fine and you should use them but you're not a bad person for wanting to hash them :)
