VendoVendo Docs
ReferenceCLI

vendo dev

Write a .env.vendo-dev with your API key and provider proxy URLs for local development.

Synopsis

vendo dev [--deployment <id>] [--out <path>]

Writes a .env.vendo-dev file (mode 0600) containing your VENDO_API_KEY, VENDO_TENANT_ID, and one <PROVIDER>_API_KEY / <PROVIDER>_BASE_URL pair per active provider connection in your tenant. Source it into a local OSS app to point it at the Vendo proxy with real credentials, without baking a tenant-scoped key into your repo or shell history.

Must be logged in (vendo login). The active provider list comes from GET /api/cli/apps; the CLI flattens apps[].providerProxies[], drops entries missing slug or base_url, and de-dupes by slug before writing.

Flags

FlagDescription
--deployment <id>Stamp VENDO_DEPLOYMENT_ID=<id> in the output for deployment attribution
--out <path>Output file (default: .env.vendo-dev in cwd)

Output

On success:

✓ Wrote .env.vendo-dev
  Providers: openrouter, elevenlabs, telegram

When the tenant has no active provider connections:

✓ Wrote .env.vendo-dev
  (no provider connections found — connect one at https://vendo.run/connections)

If the provider list fetch fails, the file is still written with VENDO_API_KEY and VENDO_TENANT_ID, and the CLI prints Could not fetch provider connections: <error>.

What's in the file

# Generated by 'vendo dev'. Do not commit.
# Issued at: 2026-05-20T12:00:00Z

VENDO_API_KEY=vendo_sk_…
VENDO_TENANT_ID=t_…
VENDO_DEPLOYMENT_ID=dpl_…   # only if --deployment was passed

# Per-provider proxy URLs (real prod proxy, real billing).
OPENROUTER_API_KEY=vendo_sk_…
OPENROUTER_BASE_URL=https://openrouter-proxy.vendo.run/v1

ELEVENLABS_API_KEY=vendo_sk_…
ELEVENLABS_BASE_URL=https://elevenlabs-proxy.vendo.run/v1

Each provider gets exactly two lines, derived from the provider slug:

  • <PROVIDER>_API_KEY — your CLI's vendo_sk_* bearer (the same key is reused for every provider; the proxy dispatches based on the subdomain).
  • <PROVIDER>_BASE_URL — the base_url returned by /api/cli/apps verbatim (typically {slug}-proxy.vendo.run/v1; the suffix is server-decided, not built by the CLI).

The <PROVIDER> segment is the slug uppercased with -_. There are no per-provider special cases — e.g. Telegram appears as TELEGRAM_API_KEY / TELEGRAM_BASE_URL, not TELEGRAM_BOT_TOKEN.

The file is written to process.cwd() (or --out), not relative to $HOME or the config directory.

.env.vendo-dev contains a tenant-scoped bearer. Add it to your .gitignore and rotate via vendo login --force if it leaks.

Examples

Local dev with a real Vendo identity:

vendo dev
source .env.vendo-dev
python main.py

Local dev attributing usage to a specific deployment (useful when running the same tool that's already deployed):

vendo dev --deployment dpl_abc
source .env.vendo-dev
npm start

Custom output path:

vendo dev --out ./infra/secrets/.env.vendo

vendo validate

Lint a vendo.yaml manifest against the public deploy schema.

vendo ssh

Open an interactive shell on a running Vendo deployment.

On this page

SynopsisFlagsOutputWhat's in the fileExamplesRelated