Security First

Your API keys are critical secrets. We've built IBYOK from the ground up with enterprise-grade security at every layer.

How we protect your keys

Every API key goes through our secure encryption pipeline before storage.

1. Key Submission

You submit your API key through our encrypted HTTPS connection.

2. KMS Encryption

AWS KMS generates a unique data key and encrypts your API key.

3. Secure Storage

Only the encrypted ciphertext is stored in DynamoDB.

4. Authorized Retrieval

When you request your key, KMS decrypts it just-in-time.
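
The four steps above, sketched locally as envelope encryption. This is an added example, not IBYOK's code: a random in-memory key stands in for the AWS KMS key (no AWS calls are made), and the function names, the `owner` value bound as associated data, and the sample API key are assumptions.

```ruby
require "openssl"

NONCE_LEN = 12 # AES-GCM nonce size in bytes
TAG_LEN   = 16 # AES-GCM authentication tag size in bytes

# What gets persisted: the wrapped data key and the ciphertext, never plaintext.
Record = Struct.new(:wrapped_key, :ciphertext)

# AES-256-GCM encrypt. Output is nonce || tag || ciphertext; aad is authenticated.
def seal(key, plaintext, aad)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  nonce = c.random_iv # fresh random nonce on every call
  c.auth_data = aad
  body = c.update(plaintext) + c.final
  nonce + c.auth_tag + body
end

# Reverse of seal. Raises OpenSSL::Cipher::CipherError on tampering,
# a wrong key, or associated data that differs from what was sealed.
def unseal(key, blob, aad)
  header = NONCE_LEN + TAG_LEN
  raise ArgumentError, "ciphertext too short" if blob.bytesize <= header
  c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  c.key = key
  c.iv = blob.byteslice(0, NONCE_LEN)
  c.auth_tag = blob.byteslice(NONCE_LEN, TAG_LEN)
  c.auth_data = aad
  c.update(blob.byteslice(header..-1)) + c.final
end

# Steps 2-3: a fresh data key per secret; the stand-in KMS key only wraps data keys.
def encrypt_secret(kms_key, owner, api_key)
  data_key = OpenSSL::Random.random_bytes(32)
  Record.new(seal(kms_key, data_key, owner), seal(data_key, api_key, owner))
end

# Step 4: unwrap the data key, then decrypt the secret with it.
def decrypt_secret(kms_key, owner, record)
  data_key = unseal(kms_key, record.wrapped_key, owner)
  unseal(data_key, record.ciphertext, owner)
end

# Constructed demo values: a random stand-in master key and a fake API key.
if $PROGRAM_NAME == __FILE__
  kms_key = OpenSSL::Random.random_bytes(32)
  rec = encrypt_secret(kms_key, "user-1", "sk-constructed-example")
  puts decrypt_secret(kms_key, "user-1", rec)
end
```

Because the owner is bound as associated data, a stored record copied under another owner fails authentication instead of decrypting.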

Security features

AWS KMS Encryption

All API keys are encrypted using AWS Key Management Service (KMS) before being stored. Each encryption operation uses envelope encryption with unique data keys.

Minimal Exposure Architecture

Your API keys are encrypted at rest and only decrypted at the moment of authorized retrieval. Keys are never logged or cached.

Secure Infrastructure

Hosted on AWS with VPC isolation, private subnets, and strict security groups. All data stored in encrypted DynamoDB tables.

Token-Based Access

Access to your keys requires authenticated tokens with specific scopes. Tokens can be revoked instantly and have configurable expiration.

Access Tracking

Track when your keys are accessed with last-used timestamps. Monitor token usage across your applications.

Security Best Practices

Built on AWS with industry-standard security practices: VPC isolation, encrypted storage, and secure key management.

Security best practices

Use scoped access tokens

Create separate access tokens for different applications with only the permissions they need. Never share tokens with broad scopes.

Set token expiration

Configure reasonable expiration times for access tokens. Shorter-lived tokens reduce risk if a token is compromised.

Use mock mode in development

Enable mock mode for development and staging environments. This prevents accidental API calls with real keys during testing.

Review access regularly

Periodically review your access tokens and revoke any that are no longer needed. Delete unused API keys from your vault.
