diff --git a/binarylane/continue.sh b/binarylane/continue.sh
index 11299e0f..6e9b5b9c 100644
--- a/binarylane/continue.sh
+++ b/binarylane/continue.sh
@@ -32,7 +32,8 @@ else
 fi
 
 log_warn "Setting up environment variables..."
-run_server "${BINARYLANE_SERVER_IP}" "echo 'export OPENROUTER_API_KEY=${OPENROUTER_API_KEY}' >> ~/.bashrc"
+inject_env_vars_ssh "${BINARYLANE_SERVER_IP}" upload_file run_server \
+    "OPENROUTER_API_KEY=${OPENROUTER_API_KEY}"
 
 setup_continue_config "${OPENROUTER_API_KEY}" \
     "upload_file ${BINARYLANE_SERVER_IP}" \
diff --git a/test/record.sh b/test/record.sh
index d4edf3d7..5859aa46 100644
--- a/test/record.sh
+++ b/test/record.sh
@@ -231,38 +231,40 @@ save_config() {
     local config_file="${config_dir}/${cloud}.json"
     mkdir -p "$config_dir"
 
+    # SECURITY: Pass values via sys.argv to prevent Python injection from credentials
+    # containing single quotes or other special characters
     case "$cloud" in
         ovh)
             python3 -c "
-import json
-d = {'application_key': '${OVH_APPLICATION_KEY:-}', 'application_secret': '${OVH_APPLICATION_SECRET:-}',
-     'consumer_key': '${OVH_CONSUMER_KEY:-}', 'project_id': '${OVH_PROJECT_ID:-}'}
+import json, sys
+d = {'application_key': sys.argv[1], 'application_secret': sys.argv[2],
+     'consumer_key': sys.argv[3], 'project_id': sys.argv[4]}
 print(json.dumps(d, indent=2))
-" > "$config_file"
+" "${OVH_APPLICATION_KEY:-}" "${OVH_APPLICATION_SECRET:-}" "${OVH_CONSUMER_KEY:-}" "${OVH_PROJECT_ID:-}" > "$config_file"
             ;;
         upcloud)
             python3 -c "
-import json
-print(json.dumps({'username': '${UPCLOUD_USERNAME:-}', 'password': '${UPCLOUD_PASSWORD:-}'}, indent=2))
-" > "$config_file"
+import json, sys
+print(json.dumps({'username': sys.argv[1], 'password': sys.argv[2]}, indent=2))
+" "${UPCLOUD_USERNAME:-}" "${UPCLOUD_PASSWORD:-}" > "$config_file"
             ;;
         kamatera)
             python3 -c "
-import json
-print(json.dumps({'client_id': '${KAMATERA_API_CLIENT_ID:-}', 'secret': '${KAMATERA_API_SECRET:-}'}, indent=2))
-" > "$config_file"
+import json, sys
+print(json.dumps({'client_id': sys.argv[1], 'secret': sys.argv[2]}, indent=2))
+" "${KAMATERA_API_CLIENT_ID:-}" "${KAMATERA_API_SECRET:-}" > "$config_file"
             ;;
         ramnode)
             python3 -c "
-import json
-print(json.dumps({'username': '${RAMNODE_USERNAME:-}', 'password': '${RAMNODE_PASSWORD:-}', 'project_id': '${RAMNODE_PROJECT_ID:-}'}, indent=2))
-" > "$config_file"
+import json, sys
+print(json.dumps({'username': sys.argv[1], 'password': sys.argv[2], 'project_id': sys.argv[3]}, indent=2))
+" "${RAMNODE_USERNAME:-}" "${RAMNODE_PASSWORD:-}" "${RAMNODE_PROJECT_ID:-}" > "$config_file"
             ;;
         *)
             local env_var
             env_var=$(get_auth_env_var "$cloud")
             eval "local val=\"\${${env_var}:-}\""
-            python3 -c "import json; print(json.dumps({'api_key': '${val}'}, indent=2))" > "$config_file"
+            python3 -c "import json, sys; print(json.dumps({'api_key': sys.argv[1]}, indent=2))" "${val}" > "$config_file"
             ;;
     esac
     printf '%b\n' "  ${GREEN}saved${NC} → ${config_file}"