Self-hosters: sandbox your code + set a server password!

Quick reminder about securing large-scale self-hosted Letta deployments. If you’re running custom tools, you really want to be using sandboxes.

Sandboxes isolate tool code from the server running it, meaning that the tool does not have access to the server's environment variables.

Not sandboxing your code execution means that important secrets like API keys could be leaked.

For most personal self-hosters this is probably not an issue. If you are a business running code outside of a sandbox, this is an issue. Keep your secrets secret.

Turn sandboxing on by setting an E2B environment variable:

E2B_API_KEY="e2b_....."

Also: Make sure you’ve set a server password. Running Letta without authentication is asking for trouble. You can learn how to configure a server password here, but the gist is that you need to set your password in the LETTA_SERVER_PASSWORD environment variable:

# If LETTA_SERVER_PASSWORD isn't set, the server will autogenerate a password
# Set your password in the LETTA_SERVER_PASSWORD line below
docker run \
  -v ~/.letta/.persist/pgdata:/var/lib/postgresql/data \
  -p 8283:8283 \
  --env-file .env \
  -e SECURE=true \
  -e LETTA_SERVER_PASSWORD=yourpassword \
  letta/letta:latest

Let me know if you’ve got questions about how to do any of this!

– Cameron
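
A pre-flight check for the two settings above, as an added example that is not part of the original post or Letta's own tooling. It assumes both variables are kept in the .env file passed via --env-file; the function names, the minimum length and the placeholder list are assumptions of this example.

```shell
# Assumptions of this example, not Letta settings: minimum length, placeholder list.
MIN_PW_LEN=16

# Print the raw value of KEY ($2) from FILE ($1); the last assignment wins.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line and return the number of findings (0 = clean).
check_letta_env() {
  file=$1 count=0
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }
  e2b=$(env_value "$file" E2B_API_KEY)
  pw=$(env_value "$file" LETTA_SERVER_PASSWORD)
  finding() { echo "$1"; count=$((count + 1)); }

  [ -n "$e2b" ] || finding "E2B_API_KEY unset: E2B sandboxing is not turned on"
  case $pw in
    "") finding "LETTA_SERVER_PASSWORD unset: the server will autogenerate one" ;;
    yourpassword|password|changeme)
        finding "LETTA_SERVER_PASSWORD is a placeholder value" ;;
    *)  [ "${#pw}" -ge "$MIN_PW_LEN" ] ||
          finding "LETTA_SERVER_PASSWORD is shorter than $MIN_PW_LEN characters" ;;
  esac
  # docker run --env-file does no quote handling: quotes become part of the value.
  case $e2b$pw in
    *\"*|*\'*) finding "quoted value: docker --env-file keeps the quotes literally" ;;
  esac
  return "$count"
}

# Constructed sample file, not a real configuration.
sample=$(mktemp)
printf '%s\n' 'E2B_API_KEY="e2b_constructed"' 'LETTA_SERVER_PASSWORD=yourpassword' > "$sample"
check_letta_env "$sample" || echo "fix the findings above before starting the server"
rm -f "$sample"
```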