KeyVault Edge

Simple, honest pricing

Start free. Upgrade when you need to. Cancel anytime.

Free

$0/month

For personal projects, side hustles, and exploration.

  • Up to 3 sanitized tokens
  • 100,000 proxied requests/month
  • 1 domain binding per token
  • Basic breach detection
  • Community support
  • Analytics dashboard
  • Custom rate limits
  • Team members
  • Slack alerts
  • SLA guarantee
Most Popular

Pro

$29/month

For production apps and developers who ship.

  • Unlimited sanitized tokens
  • 5,000,000 proxied requests/month
  • 10 domain bindings per token
  • Real-time breach detection
  • Priority email support
  • Full analytics dashboard
  • Custom rate limits
  • Up to 3 team members
  • Slack & email alerts
  • SLA guarantee

Team

$99/month

For engineering teams with shared infrastructure.

  • Unlimited sanitized tokens
  • 25,000,000 proxied requests/month
  • Unlimited domain bindings
  • Real-time breach detection
  • Priority support + live chat
  • Full analytics + export
  • Custom rate limits
  • Unlimited team members
  • Slack, email & PagerDuty alerts
  • 99.9% SLA

Enterprise

Custom

For organisations with compliance and scale requirements.

  • Unlimited everything
  • Custom request volume
  • Custom PoP routing
  • Advanced breach detection + SIEM
  • Dedicated account manager
  • Custom analytics + data export
  • Custom rate limits & policies
  • SSO (SAML) & SCIM provisioning
  • All alert channels
  • 99.99% SLA + custom MSA

Frequently asked questions

What counts as a proxied request?

Every API call that passes through the KeyVault Edge network — where we validate your token, decrypt, inject the real key, and forward to your upstream provider — counts as one proxied request.

Can I use KeyVault Edge with any API provider?

Yes. KeyVault Edge is provider-agnostic. It works with OpenAI, Anthropic, Stripe, GitHub, AWS, Twilio, and any HTTP-based API. You point your request at our proxy endpoint instead of the provider's endpoint.

What happens if I exceed my monthly request limit?

On Free, requests above the limit are blocked and you receive an alert. On paid plans, we apply overage billing at $0.20 per 1,000 additional requests, or you can upgrade to the next tier.

Is there a free trial for paid plans?

Pro and Team plans include a 14-day free trial — no credit card required. You get full access to all features during the trial period.

How does host-binding work exactly?

When you create a sanitized token, you specify which domains and/or IP ranges are authorised to use it. The token is cryptographically bound to those hosts using AES-256-GCM encryption. If the token is used from any other host, decryption fails and the request is blocked.

Do you store my real API keys?

Your real API keys are stored encrypted at rest using AES-256-GCM with per-tenant envelope keys. They are never logged in plaintext and are only decrypted transiently at the edge during request processing.

Need a custom arrangement?

We work with security teams, compliance-heavy environments, and high-volume applications. Let's talk.