Quickstart
Five minutes from signup to a working sanitized token in production. No backend changes. No SDK swaps.
- 1
Create an account
Sign up at keyvaultedge.com/login. No credit card required — the free plan includes 3 sanitized tokens and 100K requests per month.
- 2
Add an API key
In the dashboard, go to API Keys → Add Key. Paste your real API key (e.g. your OpenAI
sk-proj-...key). Select the provider. The key is encrypted and stored — you will never see it in plaintext again. - 3
Generate a sanitized token
Go to Tokens → New Token. Select the key you just added. Add your authorised origins — the domains that are allowed to use this token (e.g.
yourdomain.com,localhost). Click Generate. Copy thekve_hb_...token. - 4
Replace your .env
.env# BeforeOPENAI_API_KEY=sk-proj-abc123...real_key # After — safe to commitOPENAI_API_KEY=kve_hb_[YOUR_TOKEN]OPENAI_BASE_URL=https://openai.keyvaultedge.com/v1 - 5
Test it
Terminalnode -e "const OpenAI = require('openai');const openai = new OpenAI();openai.models.list().then(r => console.log('Connected:', r.data.length, 'models'));"
Use it in your language
Initialise, then point your API calls at the proxy
Keep your existing provider SDK. Set the base URL to your KeyVault Edge proxy and pass the kve_hb_ token instead of the real key. Every request is verified against your authorised origins, the real key is injected at the edge, and the response streams back unchanged.
# Point any request at the KeyVault Edge proxy.# Send your kve_hb_ token in place of the real key —# the real key is injected at the edge, never in your code.curl https://openai.keyvaultedge.com/v1/chat/completions \ -H "Authorization: Bearer kve_hb_[YOUR_TOKEN]" \ -H "Content-Type: application/json" \ -d '{ "model": "gpt-4o-mini", "messages": [{ "role": "user", "content": "Hello from the edge" }] }'Swap openai.keyvaultedge.comfor the matching proxy host of any provider you've connected (Stripe, GitHub, Anthropic, …). The pattern is identical: point the base URL at the proxy, send the token.