Documentation
KeyVault Edge Docs
Everything you need to protect your API keys. From quickstart to production hardening.
Quickstart
Go from zero to a working sanitized token in under 5 minutes.
- Install the SDK
- Create your first token
- Replace in your codebase
- Test the proxy
SDK Reference
Full API reference for the KeyVault Edge Node.js and Python SDKs.
- Node.js SDK
- Python SDK
- REST API
- Webhooks
Security Model
How host-binding encryption works and our threat model.
- Token architecture
- AES-256-GCM encryption
- Host-binding
- Breach detection
Integration Guides
Step-by-step guides for every major API provider.
- OpenAI / GPT-4
- Anthropic Claude
- Stripe
- GitHub API
- AWS SDK
- Twilio
Quickstart
— 5 minutes to production1
Install the SDK
bash
npm install @keyvault-edge/sdk2
Initialise and create a token
typescript
import { KeyVaultEdge } from '@keyvault-edge/sdk';
const kve = new KeyVaultEdge({
apiKey: process.env.KVE_API_KEY,
});
const token = await kve.tokens.create({
name: 'openai-prod',
realKey: 'sk-proj-abc123...your_real_key',
provider: 'openai',
allowedHosts: ['api.myapp.com', 'myapp.com'],
rateLimit: { requests: 1000, window: '1m' },
});
console.log(token.sanitizedKey);
// kve_hb_7xKm9Lp2QrNv...safe_to_commit3
Replace in your env file
bash
# Before
OPENAI_API_KEY=sk-proj-abc123...real_key_exposed
# After (safe to commit)
OPENAI_API_KEY=kve_hb_7xKm9Lp2QrNv...sanitized_token4
Point your API calls at our proxy
typescript
import OpenAI from 'openai';
const openai = new OpenAI({
apiKey: process.env.OPENAI_API_KEY, // your sanitized token
baseURL: 'https://proxy.keyvaultedge.com/openai', // our edge proxy
});
// Everything else is identical — no other code changes.
const response = await openai.chat.completions.create({
model: 'gpt-4o',
messages: [{ role: 'user', content: 'Hello!' }],
});