CloudSoftwareHardware
Software Stack
DepthAI
OAK Apps
AI Models

ON THIS PAGE

  • API Key Security - Good Practices
  • General Recommendations
  • Modes & Secure Setup Options

API Key Security - Good Practices

This page describes recommended practices for handling Luxonis Hub API keys securely when developing, deploying, and running apps.An API key is a credential issued by HubAI. You can obtain one by signing up for a free account and generating an API key in your account settings. The API key acts as a way to authenticate with Luxonis Hub, allowing your apps, scripts, or devices to securely interact with Hub services.Including API keys directly into git-tracked files (e.g., oakapp.toml), which is not recommended because you can accidentally reveal sensitive access information to the public. Instead, we encourage secure handling patterns that avoid committing secrets into source control.

General Recommendations

  • Never commit API keys directly into repositories (e.g., .toml, .json, .yaml, or .py files under git).
  • Prefer using environment variables or .env files (excluded from git via .gitignore).
  • For deployment on hub.luxonis.com, use built-in key management tools (oakctl, web UI) rather than hardcoding.
  • Keep .env files local only, and avoid sharing them.

Modes & Secure Setup Options

Peripheral Mode
Standalone Mode

Peripheral Mode

Local setup

You can run your app locally in one of the following ways:

Option 1 - Inline parameter

Relevant part inside python script:
Python
1_, args = initialize_argparser()
2
3if args.api_key:
4    print(args.api_key)
Call from the command line:
Command Line
1python3 <INSERT_PATH_TO_PROJECT>/main.py -api <INSERT_YOUR_LUXONIS_HUB_API_KEY>

Option 2 - .env file

Python
1import os
2from dotenv import load_dotenv
3
4load_dotenv(override=True)
5print(os.environ["LUXONISHUB_API_KEY"])
and then execute the following commands:
Command Line
1cd <INSERT_PATH_TO_PROJECT>
2echo "LUXONISHUB_API_KEY=<INSERT_YOUR_LUXONIS_HUB_API_KEY>" > .env
3echo ".env" >> .gitignore
4python3 <INSERT_PATH_TO_PROJECT>/main.py
If you insert your <INSERT_PATH_TO_PROJECT>, these commands are going to create a .env file at the same directory where your python script lives. .env will not get included into any Git repository because we've included it into .gitignore.

Option 3 - Exported environment variable

Content of your main.py
Python
1import os
2print(os.environ["LUXONISHUB_API_KEY"])
Then execute:
Command Line
1cd <INSERT_PATH_TO_PROJECT>
2export LUXONISHUB_API_KEY=your_key_here
3python3 main.py

Hub setup

You can authenticate and run apps via the Hub:
Command Line
1oakctl hub login
2oakctl run-script python3 main.py
By logging in, the hub token is passed to your python script the same way as you'd do it manually. You can always logout with oakctl hub logout.

Example

You can follow the example set in generic neural net example from our oak-examples repo to see how these options are put into practice.