Openevidence Multi Env Setup

Environment Files

# Per-env files: .env.development, .env.staging, .env.production
OPENEVIDENCE_API_KEY_{DEV|STG|PROD}=<api-key>
OPENEVIDENCE_BASE_URL=https://api.{dev.|staging.|""}openevidence.com/v1
OPENEVIDENCE_DATA_CLASS={synthetic|de-identified|phi}
OPENEVIDENCE_PHI_ENABLED={false|false|true}
OPENEVIDENCE_AUDIT_LEVEL={basic|full|full}
OPENEVIDENCE_BAA_ID=<baa-id>          # production only

Environment Validation

function validateOpenEvidenceEnv(env: string): void {
  const suffix = { development: "_DEV", staging: "_STG", production: "_PROD" }[env];
  const required = [`OPENEVIDENCE_API_KEY${suffix}`, "OPENEVIDENCE_BASE_URL", "OPENEVIDENCE_DATA_CLASS"];
  if (env === "production") required.push("OPENEVIDENCE_BAA_ID");
  if (env !== "development") required.push("OPENEVIDENCE_AUDIT_LEVEL");
  const missing = required.filter((k) => !process.env[k]);
  if (missing.length) throw new Error(`Missing OpenEvidence vars for ${env}: ${missing.join(", ")}`);
  if (env === "production" && process.env.OPENEVIDENCE_PHI_ENABLED !== "true")
    throw new Error("HIPAA violation: PHI must be enabled in production");
}

Promotion Workflow

# 1. Run clinical queries against synthetic data in dev
curl -X POST "$OPENEVIDENCE_BASE_URL/query" \
  -H "Authorization: Bearer $OPENEVIDENCE_API_KEY_DEV" -d @synthetic-query.json

# 2. Validate with de-identified data in staging (audit logs required)
curl -X POST "$OPENEVIDENCE_BASE_URL/query" \
  -H "Authorization: Bearer $OPENEVIDENCE_API_KEY_STG" -d @staging-query.json

# 3. Verify HIPAA audit trail exists for all staging queries
curl "$OPENEVIDENCE_BASE_URL/audit/logs?env=staging" \
  -H "Authorization: Bearer $OPENEVIDENCE_API_KEY_STG" | jq '.totalEntries'

# 4. Deploy to production (requires BAA verification)
OPENEVIDENCE_BAA_ID=baa-2026-001 npm run deploy -- --env production --hipaa-check

Environment Matrix

Error Handling

Resources

• OpenEvidence Docs

Next Steps

See openevidence-deploy-integration.