Environment variables reference¶
This page lists all FUTU_* environment variables supported by the daemon
(futu-opend), CLI (futucli), and MCP (futu-mcp), with purpose, default
values, and matching CLI flags.
Credentials¶
| Env var | Purpose | Default | Matching CLI flag |
|---|---|---|---|
FUTU_PWD |
Login password (plaintext or 32-hex MD5, auto-detected) | (required or use CLI flag) | --login-pwd <PWD> |
FUTU_TRADE_PWD |
Trade unlock password (futucli unlock / MCP unlock) | (as needed) | --trade-pwd <PWD> |
Security tip: Prefer systemd EnvironmentFile=/etc/futu-opend.env
(mode 0600) to avoid leaking plaintext to shell history / ps aux.
Connection addresses¶
| Env var | Purpose | Default |
|---|---|---|
FUTU_GATEWAY |
MCP / futucli daemon gRPC address | 127.0.0.1:11111 |
FUTU_REST_URL |
futucli daemon REST URL | http://127.0.0.1:11112 |
FUTU_ADDR |
Used by examples/live_test for daemon address | 127.0.0.1:11111 |
Long-running daemon hardening (v1.4.94+)¶
env opt-in, default OFF. See long-running daemon deployment guide for details.
| Env var | Purpose | Default | Risk |
|---|---|---|---|
FUTU_CLIENT_SIG_PROACTIVE_REFRESH=1 |
Proactively refresh client_sig 1h before expiry |
OFF | Low — single refresh action; backend acceptance pending real-machine verify |
FUTU_CLIENT_SIG_REACTIVE_REFRESH=1 |
Reactive refresh after tcp_login persistent failures (≥3) | OFF | Medium — ret_type=15 semantics not exclusively "client_sig invalid" (includes rate limiting / risk control); in multi-account daemon, misfire may affect other accounts; safe for single-account |
When to flip default ON: after tester real-machine verify with positive evidence + 2+ release cycles of opt-in users with no reported issues (pitfall #57 discipline).
Client (CLI / SDK / MCP)¶
| Env var | Purpose | Default |
|---|---|---|
FUTU_CLI_AUTO_IDEM=1 |
futucli auto-derives idempotency_key (param hash) for place-order/modify/cancel | OFF |
Testing / Chaos engineering (internal)¶
| Env var | Purpose | Default |
|---|---|---|
FUTU_E2E_SIM_ACC |
E2E test sim account | (test-only) |
FUTU_E2E_SIM_PWD |
E2E test sim password | (test-only) |
FUTU_E2E_SIM_PLATFORM |
E2E test platform (futunn / moomoo) |
futunn |
FUTU_CHAOS_ENABLE=1 |
chaos test fault-injection toggle | OFF |
FUTU_MULTI_VERSION_GUARD_STRICT=1 |
multi_version_smoke.sh strict mode (binary fingerprint diff → exit 1) | (set by ship.sh A9) |
Naming convention¶
FUTU_<SUBSYSTEM>_<FEATURE>_<ACTION>=<VALUE>:
FUTU_prefix — shared namespace for daemon / CLI / SDK- subsystem:
CLIENT_SIG/TRADE/CLI/E2E/CHAOSetc - feature/action: describes the functionality itself, no internal audit
numbers exposed (e.g. v1.4.94 G1 protocol gap's "G1" doesn't appear in
env var name; use
PROACTIVE_REFRESHto describe behavior) - value:
1= enable; otherwise / unset = disable
Precedence vs CLI flags¶
CLI flag > env var > config file > built-in default. When both exist, the CLI flag wins.
Example: FUTU_PWD=foo futu-opend --login-pwd bar uses bar (CLI flag).