Never commit secrets or API keys to version control. For local development, store all secrets in a .env file that is excluded from git. For production, use Google Secret Manager exclusively.
How secrets are loaded
ODAI uses two different secret sources depending on the runtime environment, controlled by the LOCAL flag in config.py:
Local development — when LOCAL=true, settings are loaded from a .env file in the project root via pydantic-settings:
model_config = SettingsConfigDict(env_file=".env")
LOCAL is unset or false, each secret is fetched individually from Google Secret Manager at startup using the project ID (odai-dev-5e4fd for development, odai-prod for production).
The Secret Manager secret IDs match the variable names exactly (e.g., openai_api_key, plaid_client_id).
Core settings
| Variable | Type | Description |
|---|
LOCAL | bool | Set to true to load secrets from .env instead of Secret Manager. Always true for local development. |
PRODUCTION | bool | Set to true in the production environment. Enables strict auth, switches the project ID to odai-prod, and uses the production KMS key ring. |
OPENAI_API_KEY | string | OpenAI API key. Used by the orchestrator and all agent interactions (model: gpt-4o). |
FIREBASE_SERVICE_ACCOUNT_KEY | string | Full Firebase service account JSON, provided as a single-line string. Required for Firestore access and Firebase authentication. |
GOOGLE_CLOUD_PROJECT | string | Overrides the Google Cloud project ID. Defaults to odai-dev when not in production. |
Financial
| Variable | Type | Description |
|---|
PLAID_CLIENT_ID | string | Plaid client ID for bank account integration (balances, transactions). |
PLAID_SECRET | string | Plaid secret key. Uses sandbox in development, production credentials in prod. |
FINNHUB_API_KEY | string | Finnhub API key for stock market data and financial news. |
COINMARKETCAP_API_KEY | string | CoinMarketCap API key for cryptocurrency prices and market data. |
ALPACA_API_KEY | string | Alpaca API key for trading operations. |
ALPACA_SECRET_KEY | string | Alpaca secret key paired with ALPACA_API_KEY. |
EXCHANGERATE_API_KEY | string | ExchangeRate API key for currency conversion. |
CANOPY_API_KEY | string | Canopy API key (financial data). |
Travel
| Variable | Type | Description |
|---|
FLIGHTAWARE_API_KEY | string | FlightAware API key for real-time flight tracking and status. |
AMADEUS_CLIENT_KEY | string | Amadeus client key for flight search and travel planning. |
AMADEUS_CLIENT_SECRET | string | Amadeus client secret paired with AMADEUS_CLIENT_KEY. |
AVIATIONSTACK_API_KEY | string | AviationStack API key for additional flight data. |
CALTRAIN_API_KEY | string | Caltrain API key for California commuter rail status. |
Communication
| Variable | Type | Description |
|---|
TWILIO_ACCOUNT_SID | string | Twilio account SID for voice and SMS capabilities. |
TWILIO_AUTH_TOKEN | string | Twilio auth token paired with TWILIO_ACCOUNT_SID. |
Search & content
| Variable | Type | Description |
|---|
SERPAPI_API_KEY | string | SerpAPI key for Google Search and Google News results. |
WEATHERAPI_API_KEY | string | WeatherAPI key for current conditions and multi-day forecasts. |
ACCUWEATHER_API_KEY | string | AccuWeather API key for detailed forecasts and weather alerts. |
EASYPOST_API_KEY | string | EasyPost API key for package tracking across carriers. |
CLOUDFLARE_API_KEY | string | Cloudflare API key for site rendering and content fetching. |
CLOUDFLARE_ACCOUNT_ID | string | Cloudflare account ID paired with CLOUDFLARE_API_KEY. |
Entertainment & local
| Variable | Type | Description |
|---|
TICKETMASTER_CONSUMER_KEY | string | Ticketmaster consumer key for event tickets and venue information. |
TICKETMASTER_CONSUMER_SECRET | string | Ticketmaster consumer secret paired with TICKETMASTER_CONSUMER_KEY. |
MOVIEGLU_API_KEY | string | MovieGlu API key for movie showtimes and theater information. |
MOVIEGLU_API_AUTHORIZATION | string | MovieGlu authorization token paired with MOVIEGLU_API_KEY. |
TRIPADVISOR_API_KEY | string | TripAdvisor API key for travel reviews and recommendations. |
YELP_API_KEY | string | Yelp Fusion API key for restaurant and business search. |
Internal & monitoring
| Variable | Type | Description |
|---|
SEGMENT_KEY | string | Segment write key for user behavior analytics and tracking. |
SENTRY_DSN | string | Sentry DSN for error monitoring and alerting. |
Minimal .env for local development
The following variables are required to start the server. All others are optional and only needed if you want to use a specific integration:
LOCAL=true
FIREBASE_SERVICE_ACCOUNT_KEY='{...}'
OPENAI_API_KEY=sk-...