Your Provider Key (BYOK)
How EgoX encrypts, stores, and uses your bring-your-own LLM provider API key — and why it's never brokered or exposed.
EgoX runs on a bring-your-own-key (BYOK) model: you supply your own LLM provider API key, and EgoX uses it only to run your project's requests. This page explains how that key is stored and used securely.
Why BYOK
EgoX does not provide, resell, or fund model inference. Inference runs on your provider account with your key. That means you keep direct control of your model spend, rate limits, and provider relationship — and your data goes to a provider you chose, not one we picked for you.
Providers EgoX can route to:
| Provider | Used when |
|---|---|
| OpenAI | you configure an OpenAI key |
| Anthropic | you configure an Anthropic key |
| Azure OpenAI | you configure an Azure deployment + key |
EgoX never sends your data to a provider you haven't configured.
How your key is stored
- Encrypted at rest with AES-256-GCM. Your key is encrypted before it's written to the database — the plaintext key is never stored.
- Protected by a master key. The per-key encryption is wrapped by a separate master key held outside the row data, so database contents alone are not enough to recover a provider key.
- Never shown back in full. After you save it, the Console never re-displays the full key — only a masked reference.
- Treated as Customer secrets. Provider keys and webhook secrets are handled as processor-held secrets under the DPA, with the same isolation and access controls as the rest of your data.
How your key is used
- Only to execute your requests. EgoX decrypts the key in memory to call your
configured provider for your project's
/asktraffic, and for nothing else. - Never shared across tenants. A key belongs to one project; tenant isolation keeps it there.
- The provider is your subprocessor too. When EgoX transmits your prompts and context to the provider using your key, that provider processes the data under your agreement with them.
Your responsibilities
Because inference runs on your key, a few things stay on your side:
- Scope and rotate your provider key appropriately, and revoke it if it leaks.
- Comply with your provider's usage policies — a violation of their terms can also be an Acceptable Use violation.
- Keep the key confidential in your own systems; EgoX only ever receives it over TLS and stores it encrypted.
If a key is ever compromised
Rotate the affected provider key with your provider immediately, then update it in the Console. If EgoX ever detects a platform-side incident touching stored secrets, affected tenants are notified without undue delay per our breach process.
How We Store Your Data
EU data residency, tenant isolation, encryption in transit, where each type of data lives, and what EgoX never does with it.
Integrating Securely with the SDK
How the EgoX SDK authenticates, signs and verifies tool calls, forwards headers safely, and keeps your integration trustworthy.