Clavis SSOT

"Clavis SSOT"

vox-clavis is the canonical source of truth for managed secret metadata and resolution precedence.

Research and forward-looking analysis live in Clavis secrets, env vars, and API key strategy research 2026. Threat and policy controls are documented in Clavis Cloudless Threat Model V1, with execution steps in Clavis Cloudless Implementation Catalog.

Naming Convention

VOX_*: Vox-owned platform contracts (mesh, runtime auth, DB, cloud orchestration, internal boundaries).

Non-secret environment parsing

Use vox_config::env_parse for numeric defaults and operator tuning (e.g. HTTP retry caps, timeouts expressed as plain integers). Do not route API keys or other credentials through those helpers — use vox_clavis::resolve_secret (and the SecretId inventory below) so precedence and aliases stay consistent.

vox-ludus free-tier AI: when FreeAiProvider::{Gemini,OpenRouter} carries an empty api_key, resolution goes through Clavis (GeminiApiKey, OpenRouterApiKey) — same canonical + compat env names as the rest of the repo; do not read GEMINI_API_KEY / OPENROUTER_API_KEY directly in new Ludus codepaths.

Provider-native names (for example OPENROUTER_API_KEY, OPENAI_API_KEY): upstream ecosystem names kept for compatibility.
Optional VOX_* provider aliases are accepted as migration aids; canonical names remain stable.

Secret Inventory (Phase 0)

Secret	Scope	Tier	Primary consumer surfaces
`OPENROUTER_API_KEY` / `GEMINI_API_KEY` / `OPENAI_API_KEY` / `ANTHROPIC_API_KEY`	LLM inference	Minimal cloud LLM	`vox-mcp`, `vox-runtime`, `vox-cli doctor/status`
`HF_TOKEN`	LLM retrieval / HF router	Optional	`vox-config`, HF routes
`GROQ_API_KEY`, `CEREBRAS_API_KEY`, `MISTRAL_API_KEY`, `DEEPSEEK_API_KEY`, `SAMBANOVA_API_KEY`, `CUSTOM_OPENAI_API_KEY`	Alternative LLM providers	Optional power-user	provider-specific runtime/mcp paths
`VOX_RUNPOD_API_KEY`, `VOX_VAST_API_KEY`	Cloud GPU infra	Optional cloud GPU	`vox-populi` cloud providers
`TOGETHER_API_KEY`	Remote fine-tune API	Optional cloud training	`vox-cli train --provider together`
`GITHUB_TOKEN`	Publishing/review automation	Workflow-specific required	`vox-cli review/publish`
`VOX_NEWS_TWITTER_TOKEN`, `VOX_NEWS_OPENCOLLECTIVE_TOKEN`, `VOX_SOCIAL_REDDIT_`, `VOX_SOCIAL_YOUTUBE_`	Scientia/news syndication	Optional (per channel)	`vox-publisher` resolves via Clavis `SecretId` specs; GitHub syndication also accepts `VOX_NEWS_GITHUB_TOKEN` as an alias of `GITHUB_TOKEN`
`ZENODO_ACCESS_TOKEN`, `OPENREVIEW_EMAIL`, `OPENREVIEW_ACCESS_TOKEN`, `OPENREVIEW_PASSWORD`, `CROSSREF_PLUS_API_KEY`, `DATACITE_REPOSITORY`, `DATACITE_PASSWORD`, `ORCID_CLIENT_ID`, `ORCID_CLIENT_SECRET`, `TAVILY_API_KEY`, `TAVILY_PROJECT`, `X_TAVILY_API_KEY`, `VOX_ARXIV_ASSIST_HANDOFF_SECRET` (plus `VOX_*` aliases for DataCite, ORCID, Tavily where listed below)	Scholarly repository adapters	Optional (`Workflow::Publish` / `publish_review` bundle)	Zenodo / OpenReview / Crossref / DataCite / ORCID / Tavily clients resolve via Clavis; VOX-prefixed aliases accepted where listed
`VOX_DB_URL`, `VOX_DB_TOKEN`	Remote DB	Workflow-specific required	DB remote flows
`VOX_TELEMETRY_UPLOAD_URL`, `VOX_TELEMETRY_UPLOAD_TOKEN`	Optional telemetry ingest (explicit `vox telemetry upload`)	Optional	`vox-cli` resolves via `SecretId::VoxTelemetryUploadUrl` / `VoxTelemetryUploadToken`; see ADR 023
`VOX_SEARCH_QDRANT_API_KEY`	Qdrant HTTP `api-key` (optional RAG sidecar)	Optional	`vox_search::vector_qdrant` via `SecretId::VoxSearchQdrantApiKey`
`VOX_MESH_TOKEN`	Populi control-plane auth (legacy full-access token)	Workflow-specific required (any mesh-class token)	Mesh transport/auth
`VOX_MESH_WORKER_TOKEN`	Worker-scoped populi HTTP bearer	Optional (advance pools)	`POST` join/heartbeat/inbox/ack
`VOX_MESH_SUBMITTER_TOKEN`	Submitter-scoped populi HTTP bearer	Optional	`POST` A2A deliver only
`VOX_MESH_ADMIN_TOKEN`	Mesh admin bearer	Optional	Full HTTP surface when configured
`VOX_MESH_JWT_HMAC_SECRET`	HS256 key for mesh JWT bearer	Optional	JWT claims `role`, `jti`, `exp`
`VOX_MESH_WORKER_RESULT_VERIFY_KEY`	Ed25519 verify key (hex or Standard base64)	Optional	Signed `job_result` / `job_fail` payloads
`VOX_API_KEY`, `VOX_BEARER_TOKEN`	Runtime ingress auth	Optional hardening	`vox-runtime` auth gate
`VOX_MCP_HTTP_BEARER_TOKEN`, `VOX_MCP_HTTP_READ_BEARER_TOKEN`	MCP HTTP gateway auth	Optional hardening	`vox-mcp` HTTP gateway auth surfaces
`V0_API_KEY`, `VOX_OPENCLAW_TOKEN`	Auxiliary tooling	Optional	island generation / OpenClaw

Managed Secret Env Names

ANTHROPIC_API_KEY
API_KEY
CEREBRAS_API_KEY
CODERABBIT_GITHUB_PER_PAGE
CUSTOM_OPENAI_API_KEY
DEEPSEEK_API_KEY
FORGE_TOKEN
GEMINI_API_KEY
GH_TOKEN (DEPRECATED — use FORGE_TOKEN)
GITHUB_SHA
GITHUB_TOKEN
GITLAB_TOKEN
GL_TOKEN (DEPRECATED — use FORGE_TOKEN)
GOOGLE_AI_STUDIO_KEY (DEPRECATED — use GEMINI_API_KEY)
GROQ_API_KEY
HF_TOKEN
HUGGING_FACE_HUB_TOKEN (DEPRECATED — use HF_TOKEN)
MISTRAL_API_KEY
OLLAMA_HOST
OLLAMA_MODEL
OLLAMA_URL
OPENAI_API_KEY
OPENCLAW_TOKEN
OPENROUTER_API_KEY
OPENROUTER_APP_TITLE
OPENROUTER_HTTP_REFERER
OPENROUTER_MODEL
OPENROUTER_ROUTE_HINT
RUNPOD_API_KEY
SAMBANOVA_API_KEY
SKIP_CUDA_FEATURE_CHECK
TAVILY_API_KEY
TAVILY_PROJECT
TAVILY_PROJECT_ID
TOGETHER_API_KEY
TURSO_AUTH_TOKEN (DEPRECATED — use VOX_DB_TOKEN)
TURSO_URL (DEPRECATED — use VOX_DB_URL)
V0_API_KEY
VAST_API_KEY
VOX_ALLOW_QWEN2_NATIVE
VOX_ANTHROPIC_API_KEY
VOX_ANTHROPIC_CHAT_COMPLETIONS_URL
VOX_ANTHROPIC_DIRECT
VOX_API_KEY
VOX_ARXIV_ASSIST_HANDOFF_SECRET
VOX_BASE_MODEL
VOX_BEARER_TOKEN
VOX_BUDGET_USD
VOX_CANDLE_DEVICE
VOX_CARGO_BIN
VOX_CEREBRAS_API_KEY
VOX_CEREBRAS_CHAT_COMPLETIONS_URL
VOX_CLI_GLOBAL_JSON
VOX_CLI_JSON
VOX_CLOUD_IMAGE
VOX_CLOUD_MAX_RUNTIME
VOX_CLOUD_PRICE_TTL
VOX_COST_PREFERENCE
VOX_CROSSREF_PLUS_API_KEY
VOX_DATACITE_PASSWORD
VOX_DATACITE_REPOSITORY
VOX_DATA_DIR
VOX_DB_TOKEN
VOX_DB_URL
VOX_DEEPSEEK_API_KEY
VOX_DEEPSEEK_CHAT_COMPLETIONS_URL
VOX_DOGFOOD_TRACE_PATH
VOX_EMIT_EXPRESS_SERVER
VOX_FORGE_TOKEN
VOX_GAMIFY_ENABLED
VOX_GAMIFY_MODE
VOX_GEMINI_API_KEY
VOX_GPU_MODEL
VOX_GPU_VRAM_MB
VOX_GROQ_API_KEY
VOX_GROQ_CHAT_COMPLETIONS_URL
VOX_HF_TOKEN
VOX_JSON_OUTPUT
VOX_MCP_BINARY
VOX_MCP_HTTP_BEARER_TOKEN
VOX_MCP_HTTP_READ_BEARER_TOKEN
VOX_MENS_EXPERIMENTAL_OPTIMIZER
VOX_MENS_SCORECARD_MAX_TOKENS
VOX_MENS_TRAIN_JSONL_STRICT
VOX_MENS_TRAIN_JSON_STRICT
VOX_MESH_ADMIN_TOKEN
VOX_MESH_HTTP_HEARTBEAT_SECS
VOX_MESH_HTTP_JOIN
VOX_MESH_JWT_HMAC_SECRET
VOX_MESH_SUBMITTER_TOKEN
VOX_MESH_TOKEN
VOX_MESH_WORKER_RESULT_VERIFY_KEY
VOX_MESH_WORKER_TOKEN
VOX_MISTRAL_API_KEY
VOX_MISTRAL_CHAT_COMPLETIONS_URL
VOX_MODEL
VOX_NEWS_OPENCOLLECTIVE_TOKEN
VOX_OPENAI_API_KEY
VOX_OPENCLAW_SIDECAR_DISABLE
VOX_OPENCLAW_SIDECAR_EXPECT_VERSION
VOX_OPENCLAW_TOKEN
VOX_OPENCLAW_URL
VOX_OPENCLAW_WS_URL
VOX_OPENREVIEW_ACCESS_TOKEN
VOX_OPENREVIEW_API_BASE
VOX_OPENREVIEW_EMAIL
VOX_OPENREVIEW_INVITATION
VOX_OPENREVIEW_PASSWORD
VOX_OPENREVIEW_SIGNATURE
VOX_OPENROUTER_API_KEY
VOX_ORCHESTRATOR_ATTENTION_BUDGET_MS
VOX_ORCHESTRATOR_ATTENTION_ENABLED
VOX_ORCHESTRATOR_ENABLED
VOX_ORCHESTRATOR_LOG_LEVEL
VOX_ORCHESTRATOR_PLANNING_ENABLED
VOX_ORCHESTRATOR_RESEARCH_MODEL_ENABLED
VOX_ORCID_CLIENT_ID
VOX_ORCID_CLIENT_SECRET
VOX_PM_ALLOW_GIT_UNVERIFIED
VOX_PROVIDER_DAILY_LIMITS_FILE
VOX_PROVIDER_DAILY_LIMITS_JSON
VOX_PROVIDER_DAILY_LIMIT_DEFAULT
VOX_PROVIDER_LIMIT_PROVIDERS
VOX_QWEN35_NATIVE_CUTOVER
VOX_REGISTRY_TOKEN
VOX_REPOSITORY_ROOT
VOX_REPO_ROOT
VOX_REVIEW_REPOSITORY_ID
VOX_SAMBANOVA_API_KEY
VOX_SAMBANOVA_CHAT_COMPLETIONS_URL
VOX_SCHOLARLY_ADAPTER
VOX_SCHOLARLY_DISABLE
VOX_SCHOLARLY_DISABLE_LIVE
VOX_SCHOLARLY_DISABLE_OPENREVIEW
VOX_SCHOLARLY_DISABLE_ZENODO
VOX_SCRIPT_CACHE_MAX_ENTRIES
VOX_SCRIPT_CACHE_MAX_SIZE_MB
VOX_SCRIPT_RELEASE
VOX_SEARCH_QDRANT_API_KEY
VOX_SECRET_GUARD_GIT_REF
VOX_SOCIAL_BLUESKY_HANDLE
VOX_SOCIAL_BLUESKY_PASSWORD
VOX_SOCIAL_DISCORD_WEBHOOK
VOX_SOCIAL_LINKEDIN_ACCESS_TOKEN
VOX_SOCIAL_MASTODON_DOMAIN
VOX_SOCIAL_MASTODON_TOKEN
VOX_SOCIAL_REDDIT_CLIENT_ID
VOX_SOCIAL_REDDIT_CLIENT_SECRET
VOX_SOCIAL_REDDIT_REFRESH_TOKEN
VOX_SOCIAL_REDDIT_USER_AGENT
VOX_SOCIAL_YOUTUBE_CLIENT_ID
VOX_SOCIAL_YOUTUBE_CLIENT_SECRET
VOX_SOCIAL_YOUTUBE_REFRESH_TOKEN
VOX_SYNDICATION_TEMPLATE_PROFILE
VOX_TAVILY_API_KEY
VOX_TAVILY_PROJECT
VOX_TAVILY_PROJECT_ID
VOX_TELEMETRY_UPLOAD_TOKEN
VOX_TELEMETRY_UPLOAD_URL
VOX_TOGETHER_API_KEY
VOX_TRAIN_PROFILE
VOX_TURSO_TOKEN (DEPRECATED — use VOX_DB_TOKEN)
VOX_TURSO_URL (DEPRECATED — use VOX_DB_URL)
VOX_V0_API_KEY
VOX_VRAM_OVERRIDE_GB
VOX_WEBHOOK_INGRESS_TOKEN
VOX_WEBHOOK_SIGNING_SECRET
VOX_WEB_RUN_MODE
VOX_WEB_TANSTACK_START
VOX_WORKSPACE_ROOT
VOX_ZENODO_ACCESS_TOKEN
VOX_ZENODO_API_BASE
VOX_ZENODO_ATTACH_MANIFEST_BODY
VOX_ZENODO_DRAFT_ONLY
VOX_ZENODO_PUBLISH_DEPOSITION
VOX_ZENODO_PUBLISH_NOW
VOX_ZENODO_SANDBOX
VOX_ZENODO_STAGING_DIR
VOX_ZENODO_UPLOAD_ALLOWLIST
X_TAVILY_API_KEY (DEPRECATED — use TAVILY_API_KEY)
ZENODO_ACCESS_TOKEN

Operator Tuning Variables (Non-Secrets)

CARGO_HOME
COMPUTERNAME
GEMINI_MODEL
HF_CHAT_MODEL
HF_DEDICATED_CHAT_MODEL
HF_DEDICATED_CHAT_URL
HOME
HOSTNAME
INFISICAL_SERVICE_TOKEN
INFISICAL_TOKEN
OLLAMA_MODEL
OLLAMA_URL
OPENAI_BASE_URL
OPENAI_MODEL
OPENROUTER_CHAT_MODEL
OPENROUTER_MODEL
POPULI_MAX_TOKENS
POPULI_MODEL
POPULI_TEMPERATURE
POPULI_URL
RUST_LOG
USERPROFILE
VAULT_ADDR
VAULT_TOKEN
VOX_ACCOUNT_ID
VOX_ALLOW_UNAUTHENTICATED
VOX_BASE_MODEL
VOX_BENCHMARK_TELEMETRY
VOX_BUDGET_USD
VOX_CHROME_EXECUTABLE
VOX_CLAVIS_AUTO_PREFER_VAULT
VOX_CLAVIS_AUTO_VAULT
VOX_CLAVIS_BACKEND
VOX_CLAVIS_CLOUDLESS_DB_PATH
VOX_CLAVIS_CUTOVER_PHASE
VOX_CLAVIS_HARD_CUT
VOX_CLAVIS_KEK_REF
VOX_CLAVIS_KEK_VERSION
VOX_CLAVIS_MIGRATION_PHASE
VOX_CLAVIS_PROFILE
VOX_CLAVIS_VAULT_PATH
VOX_CLAVIS_VAULT_TOKEN
VOX_CLAVIS_VAULT_URL
VOX_DATA_DIR
VOX_DB_CIRCUIT_BREAKER
VOX_DB_EMBEDDED_REPLICA_INTEGRATION
VOX_DB_MVCC
VOX_DB_SYNC_INTEGRATION
VOX_DB_TOKEN
VOX_DB_URL
VOX_EMBEDDING_MODEL
VOX_EXE
VOX_GAMIFY_ENABLED
VOX_GAMIFY_MODE
VOX_GPU_MODEL
VOX_GPU_VRAM_MB
VOX_INFERENCE_PROFILE
VOX_MCP_BINARY
VOX_MENS_TRAIN_JSONL_STRICT
VOX_MESH_A2A_LEASE_MS
VOX_MESH_A2A_MAX_MESSAGES
VOX_MESH_A2A_STORE_PATH
VOX_MESH_ADVERTISE_GPU
VOX_MESH_BOOTSTRAP_EXPIRES_UNIX_MS
VOX_MESH_BOOTSTRAP_TOKEN
VOX_MESH_CODEX_TELEMETRY
VOX_MESH_CONTROL_ADDR
VOX_MESH_DEVICE_CLASS
VOX_MESH_DISPATCH_STORE_PATH
VOX_MESH_ENABLED
VOX_MESH_EXEC_LEASE_STORE_PATH
VOX_MESH_EXEC_POLICY
VOX_MESH_HTTP_MAX_BODY_BYTES
VOX_MESH_LABELS
VOX_MESH_MAX_STALE_MS
VOX_MESH_MODE
VOX_MESH_NODE_ID
VOX_MESH_RANK
VOX_MESH_REGISTRY_PATH
VOX_MESH_REPLAY_PERSIST
VOX_MESH_REPLAY_STATE_PATH
VOX_MESH_SCOPE_ID
VOX_MESH_SERVER_STALE_PRUNE_MS
VOX_MESH_TRAIN
VOX_MODEL
VOX_NEWS_PUBLISH_ARMED
VOX_NEWS_RSS_FEED_PATH
VOX_NEWS_SITE_BASE_URL
VOX_OPENAI_BASE_URL
VOX_OPENCLAW_SIDECAR_DISABLE
VOX_OPENCLAW_URL
VOX_OPENCLAW_WS_URL
VOX_OPENREVIEW_HTTP_MAX_ATTEMPTS
VOX_ORCHESTRATOR_MESH_CONTROL_URL
VOX_ORCHESTRATOR_PLAN_LLM_SYNTHESIS
VOX_ORCH_LINEAGE_OFF
VOX_ORCH_METRICS_SINK
VOX_PUBLISHER_DRY_RUN
VOX_RATE_LIMIT_MAX_REQUESTS
VOX_RATE_LIMIT_WINDOW_SECONDS
VOX_RUNTIME_LLM_MAX_RETRY
VOX_SCHOLARLY_ADAPTER
VOX_SCHOLARLY_JOB_LOCK_OWNER
VOX_SCHOLA_FORWARD
VOX_SCHOLA_TRAIN_IN_PROCESS
VOX_SCIENTIA_CROSSREF_MAILTO
VOX_SEARCH_BM25_B
VOX_SEARCH_BM25_K1
VOX_SEARCH_DDG_FALLBACK_DISABLED
VOX_SEARCH_MAX_HOPS
VOX_SEARCH_MEMORY_VECTOR_WEIGHT
VOX_SEARCH_POLICY_VERSION
VOX_SEARCH_PREFER_RRF
VOX_SEARCH_QDRANT_COLLECTION
VOX_SEARCH_QDRANT_URL
VOX_SEARCH_QDRANT_VECTOR_NAME
VOX_SEARCH_REPO_MAX_FILES
VOX_SEARCH_REPO_SKIP_DIRS
VOX_SEARCH_RRF_K
VOX_SEARCH_SCRAPER_MIN_DENSITY
VOX_SEARCH_SCRAPER_ROBOTS_RESPECT
VOX_SEARCH_SCRAPER_TIMEOUT
VOX_SEARCH_SEARXNG_ENGINES
VOX_SEARCH_SEARXNG_LANGUAGE
VOX_SEARCH_SEARXNG_MAX_RESULTS
VOX_SEARCH_SEARXNG_MAX_SCRAPE
VOX_SEARCH_SEARXNG_URL
VOX_SEARCH_TANTIVY_ROOT
VOX_SEARCH_TAVILY_BUDGET
VOX_SEARCH_TAVILY_DEPTH
VOX_SEARCH_TAVILY_ENABLED
VOX_SEARCH_TAVILY_MAX_RESULTS
VOX_SEARCH_TAVILY_ON_EMPTY
VOX_SEARCH_TAVILY_ON_WEAK
VOX_SEARCH_VERIFICATION_QUALITY_THRESHOLD
VOX_SYNDICATION_TEMPLATE_PROFILE
VOX_SYNTAX_K_TELEMETRY
VOX_TRAIN_PROFILE
VOX_TURSO_TOKEN
VOX_TURSO_URL
VOX_UNIFIED_ROUTING
VOX_VRAM_OVERRIDE_GB
VOX_WEB_RUN_MODE
VOX_WEB_TANSTACK_START
VOX_WORKFLOW_JOURNAL_CODEX_OFF
VOX_ZENODO_API_BASE
VOX_ZENODO_HTTP_MAX_ATTEMPTS
VOX_ZENODO_STAGING_DIR
VOX_ZENODO_UPLOAD_ALLOWLIST

Resolution Precedence

For each managed secret ID:

canonical env name
non-deprecated aliases (including opt-in VOX_* aliases)
deprecated aliases (returns DeprecatedAliasUsed status)
configured external backend (infisical or vault, when enabled)
secure local store
compatibility file stores (~/.vox/auth.json, legacy ~/.vox/auth_token, .vox/populi/mesh.env where applicable)

Required vs Optional Model

vox clavis doctor evaluates blocking requirement groups (AnyOf/AllOf) per workflow/profile.
Chat/Mcp blocking model in cloud mode is OpenRouter-first (OPENROUTER_API_KEY / VOX_OPENROUTER_API_KEY); alternate providers are optional capability keys.
local mode requires no cloud key; auto resolves from VOX_INFERENCE_PROFILE.
Optional keys are reported separately as capability unlocks (not startup blockers).
OpenRouter does not replace RunPod/Vast keys: LLM gateway credentials and cloud GPU credentials are distinct domains.

Canonical Bundles

minimal_local_dev: zero required cloud keys.
minimal_cloud_dev: OpenRouter only.
gpu_cloud: RunPod or Vast key (plus Together optional).
publish_review: GitHub token required; Zenodo / OpenReview / Crossref / arXiv-assist secrets optional (see inventory table).
mesh_roles: worker or submitter mesh token (see SecretBundle::MeshRoles / SSOT mesh section).

Transition and Deprecation Window Policy

Add alias support first (no breakage).
Emit DeprecatedAliasUsed in doctor for legacy aliases.
Keep legacy aliases for at least two release trains after warning lands.
Remove legacy aliases from docs examples first; remove runtime support only after explicit release note and CI parity update.

Command Surfaces

vox clavis doctor --workflow <...> --profile <dev|ci|mobile|prod> --mode <auto|local|cloud> [--bundle <minimal-local-dev|minimal-cloud-dev|gpu-cloud|publish-review>]
vox clavis set <registry> <token> [--username <name>]
vox clavis get <registry>
vox clavis backend-status
vox clavis migrate-auth-store
FORGE_TOKEN
GH_TOKEN
GITLAB_TOKEN
GL_TOKEN
GOOGLE_AI_STUDIO_KEY
HUGGING_FACE_HUB_TOKEN
POPULI_API_KEY
TURSO_AUTH_TOKEN
TURSO_URL
VOX_ANTHROPIC_API_KEY
VOX_CEREBRAS_API_KEY
VOX_CROSSREF_PLUS_API_KEY
VOX_CUSTOM_OPENAI_API_KEY
VOX_DEEPSEEK_API_KEY
VOX_FORGE_TOKEN
VOX_GEMINI_API_KEY
VOX_GROQ_API_KEY
VOX_HF_TOKEN
VOX_MISTRAL_API_KEY
VOX_OPENAI_API_KEY
VOX_OPENREVIEW_EMAIL
VOX_OPENREVIEW_PASSWORD
VOX_POPULI_API_KEY
VOX_SAMBANOVA_API_KEY
VOX_SOCIAL_REDDIT_CLIENT_ID
VOX_SOCIAL_REDDIT_CLIENT_SECRET
VOX_SOCIAL_REDDIT_REFRESH_TOKEN
VOX_SOCIAL_REDDIT_USER_AGENT
VOX_SOCIAL_YOUTUBE_CLIENT_ID
VOX_SOCIAL_YOUTUBE_CLIENT_SECRET
VOX_SOCIAL_YOUTUBE_REFRESH_TOKEN
VOX_TOGETHER_API_KEY
VOX_TURSO_TOKEN
VOX_TURSO_URL
VOX_V0_API_KEY
VOX_WEBHOOK_INGRESS_TOKEN
VOX_WEBHOOK_SIGNING_SECRET
VOX_ZENODO_ACCESS_TOKEN
VOX_SOCIAL_MASTODON_TOKEN
VOX_SOCIAL_MASTODON_DOMAIN
VOX_SOCIAL_LINKEDIN_ACCESS_TOKEN
VOX_SOCIAL_DISCORD_WEBHOOK_URL