Skip to content

AI Secrets Management - Quick Reference

Two methods for managing AI API keys in AudioLab.

Method 1: Local .env (Development)

Setup

# Run interactive setup
.\local_secrets_setup.ps1

# Or copy template manually
cp .env.template .env
# Edit .env with real keys

Load

# Load into environment
Get-Content .env | ForEach-Object {
    if($_ -match '^([^=]+)=(.+)$') {
        [Environment]::SetEnvironmentVariable($matches[1], $matches[2], "Process")
    }
}

Method 2: 1Password (Production)

Setup

# Install CLI
winget install AgileBits.1PasswordCLI

# Store keys
.\scripts\store-ai-secrets-1password.ps1

Load

# Load from vault
.\scripts\load-ai-secrets.ps1

Usage in Code

Never hardcode:

// ❌ BAD
const char* key = "sk-proj-abc123";

// ✅ GOOD
const char* key = std::getenv("OPENAI_API_KEY");

Supported Providers

  • OpenAI (GPT-4, GPT-3.5, DALL-E, Whisper)
  • Anthropic (Claude 3.5 Sonnet, Claude 3 Opus/Haiku)
  • Google Gemini (Gemini Pro, Vision, Ultra)
  • Groq (Ultra-fast inference: Mixtral, Llama 3)
  • OpenRouter (Universal gateway - 100+ models)
  • Together AI (Open source models, fine-tuning)
  • Perplexity AI (Search-augmented LLM)
  • Replicate (Model hosting, Stable Diffusion)
  • Hugging Face (Model hub, inference API)
  • ElevenLabs (Voice synthesis, cloning)
  • Cohere (Enterprise LLMs, embeddings)
  • Stability AI (Stable Diffusion XL, image gen)

Security Checklist

  • ✅ Never commit .env to Git
  • ✅ Use 1Password for production
  • ✅ Rotate keys every 90 days
  • ✅ Revoke immediately if exposed