Documentation/Security/API Keys
API Keys
Managing API keys and secrets for Sensei AI.
Required API Keys
Supabase Keys
Database access credentials
NEXT_PUBLIC_SUPABASE_URLRequired
Your Supabase project URL
Example: https://abcdefgh.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEYRequired
Public anonymous key for client-side access
Safe to expose in browser
SUPABASE_SERVICE_ROLE_KEYRequired
Server-side key with full database access
Never expose this key publicly!
Where to find: Supabase Dashboard → Project Settings → API
OpenAI Key
For embeddings and chat completions
OPENAI_API_KEYRequired
OpenAI API key for GPT-4 and embeddings
Starts with: sk-...
Where to find: OpenAI Platform → API Keys
Setting Up Keys
Local Development
Create a .env.local file in the project root:
# Supabase
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
# OpenAI
OPENAI_API_KEY=sk-your-openai-keyVercel Deployment
- 1. Go to your Vercel project dashboard
- 2. Click Settings → Environment Variables
- 3. Add each key with its value
- 4. Redeploy for changes to take effect
Security Warning:
- • Never commit API keys to version control
- • Add .env.local to your .gitignore file
- • Rotate keys immediately if exposed
- • Use environment variables, not hardcoded values
Key Rotation
To rotate API keys safely:
- 1. Generate a new key in the provider's dashboard
- 2. Update the environment variable in Vercel
- 3. Trigger a new deployment
- 4. Verify the app works with the new key
- 5. Delete the old key from the provider