llmapikey/.env.example
tiennm99 d0fdcb4041 feat(keys): create minted OpenRouter keys in a configured workspace
Pass create-key workspace_id (from OPENROUTER_WORKSPACE_ID, defaulting to the
project workspace) so minted keys land in the intended workspace instead of the
management key's default. Rename key to non-PII llmapikey/gh-<id>.

- buildCreateKeyBody emits workspace_id only when set (omission keeps default).
- createKey threads workspaceId; mintAndPersist sources it from env.
- Test asserts workspace_id presence/omission; document the new env var.
2026-06-14 12:40:03 +07:00


# ---- GitHub OAuth (app-native auth, server-only) ----
# From your GitHub OAuth App (Settings > Developer settings > OAuth Apps).
# All server-only — NEVER prefix with NEXT_PUBLIC_.
GITHUB_OAUTH_CLIENT_ID=Iv1.your-client-id
GITHUB_OAUTH_CLIENT_SECRET=your-client-secret
# Callback is derived at runtime from the request origin (${origin}/auth/callback)
# — no callback env needed. The OAuth App's registered Authorization callback URL
# must match the host you serve on (prod = https://llmapikey.vercel.app/auth/callback,
# local dev = http://localhost:3000/auth/callback). GitHub OAuth Apps allow only
# ONE callback, so reach the app on its canonical domain.
# Session signing secret (HS256). >=32 bytes. Generate: openssl rand -base64 48
AUTH_SESSION_SECRET=change-me-to-a-32-byte-or-longer-random-string
# ---- Postgres (direct, server-only) ----
# Supabase pooler connection string. The Supabase Vercel integration provisions
# this as POSTGRES_URL (Transaction pooler, port 6543). Reaches the unexposed
# `llmapikey` schema. NEVER expose to the client. The connecting role must
# own/bypass RLS on the llmapikey schema (project `postgres` user).
POSTGRES_URL=postgresql://postgres.your-ref:password@aws-0-region.pooler.supabase.com:6543/postgres
# ---- OpenRouter (server-only secret) ----
# Master management/provisioning key used to mint per-user keys. NEVER expose to
# the client.
OPENROUTER_MANAGEMENT_KEY=sk-or-v1-provisioning-...
# Workspace the minted keys are created in (create-key `workspace_id`). Omit to
# fall back to the management key's default workspace.
OPENROUTER_WORKSPACE_ID=33179556-3ab3-40a4-af8b-211d322aa94e
# ---- Provisioning controls (server-only) ----
# Feature flag: live key minting is OFF until OpenRouter ToS gate (Phase 1)
# clears. When "false", generateKey() refuses to mint and returns a gated error.
PROVISIONING_ENABLED=false
# Sybil/abuse kill-switch: stop minting once this many active keys exist.
MAX_TOTAL_KEYS=500
# Per-key daily spend cap (USD) sent to OpenRouter.
KEY_DAILY_LIMIT_USD=10
# Key lifetime in days (sets expires_at on mint).
KEY_EXPIRY_DAYS=90
# ---- Admin (server-only) ----
# Comma-separated numeric GitHub provider_ids granted access to /admin.
# These are the immutable numeric ids (provider_id), NOT GitHub logins.
# Empty/unset = no admins (fail-closed); /admin returns 404 for everyone.
ADMIN_GITHUB_USER_IDS=
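
The constraints stated in the comments above (no `NEXT_PUBLIC_` prefix on server-only values, a session secret of at least 32 bytes, fail-closed admin ids) can be checked once at server startup. The following is an added example, not code from the llmapikey repository: `checkEnv`, `parseAdminIds` and the messages are hypothetical names, and treating only the exact string `"true"` as enabling minting is an assumption.

```javascript
// Added example, not code from the llmapikey repository. checkEnv,
// parseAdminIds and the messages are hypothetical names.
const SERVER_ONLY = [
  "GITHUB_OAUTH_CLIENT_ID", "GITHUB_OAUTH_CLIENT_SECRET", "AUTH_SESSION_SECRET",
  "POSTGRES_URL", "OPENROUTER_MANAGEMENT_KEY", "OPENROUTER_WORKSPACE_ID",
  "PROVISIONING_ENABLED", "MAX_TOTAL_KEYS", "KEY_DAILY_LIMIT_USD",
  "KEY_EXPIRY_DAYS", "ADMIN_GITHUB_USER_IDS",
];
// Fragments of the template's placeholder values; none may reach a deployment.
const PLACEHOLDERS = ["change-me", "your-client", "your-ref", "provisioning-..."];

// Fail-closed: one non-numeric entry (for example a GitHub login) means no admins.
function parseAdminIds(raw) {
  const ids = (raw || "").split(",").map((s) => s.trim()).filter(Boolean);
  return ids.every((id) => /^[0-9]+$/.test(id)) ? ids : [];
}

function checkEnv(env) {
  const problems = [];
  for (const name of SERVER_ONLY) {
    // Next.js inlines NEXT_PUBLIC_* variables into the browser bundle.
    if (env["NEXT_PUBLIC_" + name] !== undefined) {
      problems.push("NEXT_PUBLIC_" + name + " exposes a server-only value");
    }
    if (PLACEHOLDERS.some((p) => (env[name] || "").includes(p))) {
      problems.push(name + " still holds a template placeholder");
    }
  }
  // Length alone is not enough: the template placeholder is itself over 32 bytes.
  if (Buffer.byteLength(env.AUTH_SESSION_SECRET || "", "utf8") < 32) {
    problems.push("AUTH_SESSION_SECRET is shorter than 32 bytes");
  }
  for (const name of ["MAX_TOTAL_KEYS", "KEY_DAILY_LIMIT_USD", "KEY_EXPIRY_DAYS"]) {
    const n = Number(env[name]);
    if (!Number.isFinite(n) || n <= 0) problems.push(name + " must be a positive number");
  }
  return {
    problems,
    // Assumption: only the exact string "true" enables minting, and only when clean.
    provisioningEnabled: problems.length === 0 && env.PROVISIONING_ENABLED === "true",
    adminIds: parseAdminIds(env.ADMIN_GITHUB_USER_IDS),
  };
}

// Constructed sample: the template's own session secret passes the length check
// but is rejected as a placeholder.
const sample = checkEnv({ AUTH_SESSION_SECRET: "change-me-to-a-32-byte-or-longer-random-string" });
console.log(sample.problems);
```

Run it before the server accepts traffic and refuse to start when `problems` is non-empty.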