EgoXDocs
Security

Your Provider Key (BYOK)

How EgoX encrypts, stores, and uses your bring-your-own LLM provider API key — and why it's never brokered or exposed.

EgoX runs on a bring-your-own-key (BYOK) model: you supply your own LLM provider API key, and EgoX uses it only to run your project's requests. This page explains how that key is stored and used securely.

Why BYOK

EgoX does not provide, resell, or fund model inference. Inference runs on your provider account with your key. That means you keep direct control of your model spend, rate limits, and provider relationship — and your data goes to a provider you chose, not one we picked for you.

Providers EgoX can route to:

ProviderUsed when
OpenAIyou configure an OpenAI key
Anthropicyou configure an Anthropic key
Azure OpenAIyou configure an Azure deployment + key

EgoX never sends your data to a provider you haven't configured.

How your key is stored

  • Encrypted at rest with AES-256-GCM. Your key is encrypted before it's written to the database — the plaintext key is never stored.
  • Protected by a master key. The per-key encryption is wrapped by a separate master key held outside the row data, so database contents alone are not enough to recover a provider key.
  • Never shown back in full. After you save it, the Console never re-displays the full key — only a masked reference.
  • Treated as Customer secrets. Provider keys and webhook secrets are handled as processor-held secrets under the DPA, with the same isolation and access controls as the rest of your data.

How your key is used

  • Only to execute your requests. EgoX decrypts the key in memory to call your configured provider for your project's /ask traffic, and for nothing else.
  • Never shared across tenants. A key belongs to one project; tenant isolation keeps it there.
  • The provider is your subprocessor too. When EgoX transmits your prompts and context to the provider using your key, that provider processes the data under your agreement with them.

Your responsibilities

Because inference runs on your key, a few things stay on your side:

  • Scope and rotate your provider key appropriately, and revoke it if it leaks.
  • Comply with your provider's usage policies — a violation of their terms can also be an Acceptable Use violation.
  • Keep the key confidential in your own systems; EgoX only ever receives it over TLS and stores it encrypted.

If a key is ever compromised

Rotate the affected provider key with your provider immediately, then update it in the Console. If EgoX ever detects a platform-side incident touching stored secrets, affected tenants are notified without undue delay per our breach process.

On this page