having the api key in env isn't ideal. Maybe just storing it to a file is a small improvement? Even better if it can bestored in some secure os keychain