Skip to main content
All CollectionsLLMAsAService.io
Securely Managing LLM Vendor API Keys
Securely Managing LLM Vendor API Keys
Updated over 4 months ago

Each vendor needs you to identify when making a call to their service. This is performed by giving you a secret key called an API Key. That key is passed with every request. If you are calling through your software you need to securely manage that key just like a password or credit-card number. If it was made public those people could call the LLM vendor impersonating you, running up your bill.

We take the hassle out of securing those keys by -

  1. Storing in encrypted at rest and in transit

  2. Not being able to retrieve it once it is added to your service (you can add another and overwrite the old one)

  3. Giving you ONE place to handle all of your different vendor keys.

  4. Allowing you to have multiple services for the same vendor using different keys so there is no downtime when rotation keys (which we recommend every three months)

  5. Reminding you that you haven't rotated your key and nag you until you do!

In each service click the "ADD OR UPDATE API KEY" button, and paste the new key into the text box and click SAVE.

A reminder of some practices to avoid or adopt -

  1. Never write down, send in email, slack or other chat windows any API Key. Create a key on your LLM Vendors website and paste it directly into the API Key box. You can always create another key.

  2. Only give access to the app.LLMAsAService.io control panel to those you trust. Even though the keys cannot be recovered through our website, service disruption can occur.

  3. Secure who has access to your LLM vendor accounts. Use strong passwords and 2FA if those vendors support it.

  4. NEVER store API Keys in code or source control systems. Using LLMAsAService.io means you never have to give development teams access to the API keys.

Did this answer your question?