Configure LLM API Keys in Hermes USB Portable Drive

Hermes Portable stores all API credentials in a single data/.env file located inside your portable folder — never in your home directory or system environment. Because HERMES_HOME is overridden to point at data/ on every launch, keys are read directly from there rather than from ~/.hermes/. This means your credentials travel with the drive and are never written to the host machine.

Two Ways to Add Your Keys

Manual — Edit data/.env
Interactive Wizard

Open data/.env in any text editor and add the keys for the providers you want to use:

# Add the keys for the providers you wish to use:
OPENROUTER_API_KEY=sk-or-v1-xxxxxxxxxxxxxxxx
OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxx
ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxx

Save the file, then restart Hermes for the changes to take effect.

You only need to add keys for the providers you actually use. Leave unused lines commented out or delete them entirely.

The launcher’s built-in setup wizard writes the correct values to data/.env and data/config.yaml for you.From the launcher menu, select option [2] Setup / Reconfigure Hermes.From the command line, pass the setup argument directly:

launch.bat setup

Both commands invoke hermes setup, the full interactive configuration wizard. Follow the on-screen prompts to choose a provider and enter your key.After the wizard completes, restart Hermes for the new configuration to take effect.

Supported Providers

Provider	Environment Variable	Notes
OpenRouter	`OPENROUTER_API_KEY`	Access hundreds of models through a single key
OpenAI	`OPENAI_API_KEY`	GPT-4o, o1, and other OpenAI models
Anthropic	`ANTHROPIC_API_KEY`	Claude 3.5 Sonnet, Claude 3 Opus, and others

Additional providers (DeepSeek, custom endpoints, etc.) can also be configured via data/.env. Use hermes setup to have the wizard generate the correct variable names automatically.

After Changing Keys

Hermes reads data/.env at startup. Any changes you make to the file take effect the next time you launch Hermes — there is no hot-reload. To apply new keys immediately, exit the current session and relaunch.

launch.bat hermes status

Use hermes status to confirm the active provider and model after reconfiguring.

Security

data/.env contains your raw API keys. Anyone who gains physical or filesystem access to your portable drive can read those credentials and use them to make requests on your accounts.Recommended mitigations:

Encrypt your USB drive or external SSD using BitLocker (Windows), FileVault (macOS), or a cross-platform tool like VeraCrypt.
Avoid storing production keys or accounts with large API balances on a drive you carry daily.
Use keys scoped to a low spending limit wherever your provider supports it.

Get Started

Configuration

Using Hermes

Maintenance

Troubleshooting

Configure LLM API Keys in Hermes USB Portable Drive

Two Ways to Add Your Keys

Supported Providers

After Changing Keys

Security

Build docs developers (and LLMs) love

Get Started

Configuration

Using Hermes

Maintenance

Troubleshooting

Documentation Index

​Two Ways to Add Your Keys

​Supported Providers

​After Changing Keys

​Security

Build docs developers (and LLMs) love

Two Ways to Add Your Keys

Supported Providers

After Changing Keys

Security