Portfolio Value Trend
May 2025 – May 2026
Asset Status
Health Distribution
Recent Custody Activity
Latest 8 events
Assets Requiring Attention
| Asset ID | Name / Model | Status | Health | Current Value | Location | Custodian | Rem. Life |
|---|---|---|---|---|---|---|---|
Gemini API Configuration
Your API key is held only in sessionStorage — it is cleared automatically when you close the browser tab. It is never written to disk, logged, or sent anywhere except Google's Generative Language API. For production deployment, use a backend proxy (see guide below).
Get your free key at Google AI Studio.
Production Security Guide
The browser-session approach is fine for personal/local use. For any shared or public deployment, the API key must be kept server-side only.
Store the key as GEMINI_API_KEY=AIza… in a .env file listed in .gitignore. Load it with dotenv (Node) or python-dotenv (Python).
Create a single endpoint (e.g., POST /api/chat) that holds the key server-side and forwards requests to Gemini. The frontend only talks to your proxy — never to Google directly.
Lock the key to the Generative Language API only, and restrict allowed IP addresses or HTTP referrers to your server's addresses.
Generate a new key quarterly or immediately if you suspect exposure. Revoke old keys in the Google Cloud Console API credentials panel.
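A minimal sketch of the proxy described above, added here as an example and not part of this application's own code: it reads GEMINI_API_KEY from the environment, accepts only a prompt on POST /api/chat, and sends the key upstream in a header so it never appears in a URL or in the response. The model name, the `{"prompt": ...}` request shape, the size limits and the listen address are assumptions.

```python
import json
import os
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MODEL = "gemini-1.5-flash"  # assumed model name; fixed server-side, not client-selectable
UPSTREAM = f"https://generativelanguage.googleapis.com/v1beta/models/{MODEL}:generateContent"
MAX_PROMPT_CHARS, MAX_BODY = 4000, 64 * 1024  # assumed limits

def build_upstream_request(raw_body: bytes, api_key: str) -> urllib.request.Request:
    """Validate the client JSON and build the Gemini call; only the prompt is forwarded."""
    try:
        prompt = json.loads(raw_body).get("prompt")
    except (ValueError, AttributeError):
        raise ValueError("body must be a JSON object") from None
    if not isinstance(prompt, str) or not 0 < len(prompt) <= MAX_PROMPT_CHARS:
        raise ValueError("prompt must be a non-empty string within the size limit")
    payload = json.dumps({"contents": [{"parts": [{"text": prompt}]}]}).encode()
    return urllib.request.Request(UPSTREAM, data=payload, method="POST", headers={
        "Content-Type": "application/json", "x-goog-api-key": api_key})

class ChatProxy(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/api/chat":
            return self._reply(404, {"error": "not found"})
        try:
            length = int(self.headers.get("Content-Length", 0))
            if not 0 < length <= MAX_BODY:
                raise ValueError("missing or oversized body")
            upstream = build_upstream_request(self.rfile.read(length), os.environ["GEMINI_API_KEY"])
        except ValueError as exc:
            return self._reply(400, {"error": str(exc)})
        try:
            with urllib.request.urlopen(upstream, timeout=30) as resp:
                return self._reply(200, json.load(resp))
        except (OSError, ValueError):  # upstream error details are not relayed to the client
            return self._reply(502, {"error": "upstream request failed"})

    def _reply(self, status, obj):
        body = json.dumps(obj).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    os.environ["GEMINI_API_KEY"]  # fail fast if the key is not configured
    HTTPServer(("127.0.0.1", 8080), ChatProxy).serve_forever()
```

If the key is kept in a .env file, load it into the environment (for example with python-dotenv) before starting the server.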