I lost the .env block — what now?

The wizard generates the private key in your BROWSER. It's POSTed once to Botely's server, encrypted immediately with AES-256-GCM, and stored as ciphertext. The server doesn't keep the cleartext.

Even Botely can't decrypt it back to plaintext for you (well, technically the server's master key could, but that defeats the whole security model — we deliberately don't expose a 're-show key' endpoint).

Go to /app/settings → 'Active trading key' card → Revoke. Confirm in the dialog. The DB marks the old key inactive.

Click 'Generate trading key' again to re-run the wizard. New keypair, new authenticator id, new .env block. Cost: ~$0.50 of DYDX gas for the new MsgAddAuthenticator transaction.

This time, SAVE THE .ENV BLOCK before clicking Done. The wizard's success screen has copy buttons; paste into 1Password / Bitwarden / your secrets vault of choice.

Even if you never remove the old authenticator from on-chain (Phase 1.5 will), the bot stops using it as soon as you update the .env to the new credentials. The old private key, in someone's hands, could only place orders on ETH/SOL/BNB sub 0 — and only if they also have the API private key, which they don't unless you accidentally leaked it.

If you DID accidentally leak it (e.g., in a screenshot, in a git commit, in a Discord paste), revoke it on-chain too via `dydxprotocold tx accountplus remove-authenticator`. Better safe.