Exchange Configuration
TRADEOS.tech supports multiple exchange venues for market data ingestion and order execution. Configuration is managed through environment variables in your .env file.
Supported venues
| Venue | Market Data | Order Execution | Notes |
|---|---|---|---|
| Coinbase | ✅ WebSocket | ✅ | Advanced Trade API |
| Kraken | ✅ WebSocket | ✅ | |
| Gemini | ✅ WebSocket | ✅ | |
| Binance | ✅ WebSocket | ✅ | Requires non-US access |
| DexScreener | ✅ Polling | ❌ | On-chain data only |
| DefiLlama | ✅ Polling | ❌ | TVL + protocol data |
Market data (no API keys required)
For market data ingestion only (paper trading), no API keys are needed for Coinbase, Kraken, and Gemini public WebSocket feeds. Add to .env:
VENUES=coinbase,kraken,gemini
Live execution API keys
For live order execution, add your exchange API credentials to .env:
# Coinbase
COINBASE_API_KEY=your_api_key
COINBASE_API_SECRET=your_api_secret
# Kraken
KRAKEN_API_KEY=your_api_key
KRAKEN_API_SECRET=your_api_secret
# Gemini
GEMINI_API_KEY=your_api_key
GEMINI_API_SECRET=your_api_secret
Never commit API keys to version control. The .env file is in .gitignore by default — verify this before making any commits.
API key permissions
TRADEOS.tech requires the following permissions on exchange API keys:
- Read — for balance and position queries
- Trade — for placing and canceling orders
- Withdraw: NO — TRADEOS.tech never needs withdrawal permission; do not grant it
Switching from paper to live
- Add exchange API keys to
.env - Set
PAPER_TRADING=false - Set
EXECUTION_MODE=live - Restart the execution service:
docker compose restart execution
Switching to live trading means real money is at risk. Start with a small balance and the Conservative profile. Verify fills are appearing correctly before deploying larger capital.
Vault integration
For production deployments, API keys should be stored in HashiCorp Vault rather than in .env. The execution service reads credentials from Vault at startup when SECRETS_PREFIX=vault:// is set.
The compose stack includes a Vault container in dev mode for local testing. For production, configure a persistent Vault backend with proper unseal keys and TLS.