devops

AI Trading: Lesson Learned #119: Paper Trading API Key Mismatch After Account Reset

Published: (January 8, 2026 at 06:51 PM EST)
2 min read
Source: Dev.to

Source: Dev.to

Date

January 8, 2026

Severity

HIGH

Category

Configuration / Infrastructure

Summary

Paper trading stopped working because a workflow job still referenced the old API secrets (ALPACA_PAPER_TRADING_API_KEY / ALPACA_PAPER_TRADING_API_SECRET) after the paper account was reset to a new $5 K account with different credentials (ALPACA_PAPER_TRADING_5K_API_KEY / ALPACA_PAPER_TRADING_5K_API_SECRET).

  • On Jan 7 2026 the CEO reset the paper account to $5 000 and generated new API keys.
  • Most workflow jobs were updated to use the new _5K‑suffixed secrets.
  • The protect‑existing‑positions job in daily-trading.yml continued to use the old secrets, causing a credential mismatch that blocked pre‑market protection.

Impact

  • No trades executed on Jan 7–8 2026 (2 days of paper trading lost).
  • No Phil Town strategy validation during this period.
  • Potential stop‑loss protection gaps for existing positions.

Bug Location

.github/workflows/daily-trading.yml – lines 286‑287

BEFORE (broken)

ALPACA_API_KEY: ${{ secrets.ALPACA_PAPER_TRADING_API_KEY }}
ALPACA_SECRET_KEY: ${{ secrets.ALPACA_PAPER_TRADING_API_SECRET }}

AFTER (fixed)

ALPACA_API_KEY: ${{ secrets.ALPACA_PAPER_TRADING_5K_API_KEY }}
ALPACA_SECRET_KEY: ${{ secrets.ALPACA_PAPER_TRADING_5K_API_SECRET }}

Resolution

  • Updated the protect‑existing‑positions job to use the correct _5K‑suffixed secrets.
  • Added a CI check to ensure all secret references match the expected naming pattern.

Recommendations & Checklist

  • Always grep for all secret references when renaming or adding new secrets.
  • Create a centralized environment file or reusable workflow for secret management.
  • Add a CI validation step that fails if any secret reference does not follow the naming convention.
  • When resetting accounts, use a checklist covering every location that references API keys.

Example CI checks (bash)

# Should return 0 results after the fix
grep -r "ALPACA_PAPER_TRADING_API_KEY[^_]" .github/workflows/
grep -r "ALPACA_PAPER_TRADING_API_SECRET[^_]" .github/workflows/

# Verify new secret references exist
grep -r "ALPACA_PAPER_TRADING_5K" .github/workflows/
  • ll_117: ChromaDB Removal Caused 2‑Day Trading Gap
  • ll_111: Paper Capital Must Match Real (Jan 7, 2026)

This lesson was auto‑published from the AI Trading repository.

Back to Blog

Related posts

Read more »

Rate limiting for actions cache entries

GitHub Actions cache now has a rate limit of 200 uploads per minute per repository. This limit only impacts uploads of new cache entries—it does not affect cach...