Built to be trusted with your keys.
Byoky sits on the path of every AI request, so security is the architecture — not a feature bolted on. Here’s exactly how your credentials, prompts, and spend data are handled.
Sealed credentials
Provider keys are KMS-envelope encrypted with a per-org data key. They are decrypted in memory only to forward a request; apps and agents carry scoped byk_ keys and never see the raw key.
Database-enforced tenant isolation
Every org’s data is separated with Postgres row-level security — the boundary is enforced at the database, not just in application code, so a missing WHERE clause can’t leak across tenants.
SSO & RBAC
Sign in with OIDC (Google / Microsoft / Okta). Five scoped roles — owner, admin, finance, security, member — gate every action.
Immutable audit log
Every budget, policy, key, member, and access change is recorded append-only: who, when, what, before/after.
Opt-in, redacted prompt capture
Metadata (model, tokens, cost, latency, verdict) is captured by default. Full prompt capture is off unless a budget opts in — and even then only a short, PII/secret-redacted preview is stored, never the raw prompt.
Fail-open by design
If Byoky is unreachable, the SDK degrades straight to the provider. Adopting Byoky cannot make your AI less reliable — it is an upgrade, never a new single point of failure.
What we store — and what we don’t.
Provider keys
Stored only as KMS-sealed ciphertext, scoped to your org. Never logged, never returned by an API, never visible to any app.
Prompts & responses
Not stored by default. If you explicitly enable prompt logging on a budget, we keep a truncated, redacted preview for observability — API keys, emails, cards, and SSNs are stripped before anything is written.
Spend & usage
We record request metadata (model, tokens, cost, latency, policy verdict, attribution) to power budgets, dashboards, and the ledger. This is your data — exportable, and deletable on request.
Payments
You keep paying your providers directly on your own accounts and discounts. Byoky meters and invoices its own fee — we do not hold or resell your provider spend.
Run it your way.
Self-hostable
The full stack ships as Docker/Helm. Run it in your own cloud with your own KMS and IdP so provider keys and prompt data never leave your boundary. The code is open source (MIT) — audit exactly what touches your keys.
Sub-processors (managed offering)
The forwarding engine (LiteLLM) runs stateless in the same private region and holds no keys — they’re injected per request and never persisted there. Your chosen model providers receive the requests you send. A current sub-processor list is available on request.
Where we are — stated plainly.
SOC 2 Type I is in progress. We’re not going to claim a certification we don’t hold. In the meantime, the architecture above — KMS custody, RLS isolation, RBAC, immutable audit, self-hosting — is designed to meet those controls, and we’re happy to walk your security team through it.
Report a vulnerability
Found something? Email security@byoky.com. We read every report and respond quickly.