Paitho
Talk to Sales
BYOK · keys

Adding your keys.

Where to paste them. How they are stored. How they are rotated.

In the app

Workspace → Settings → Providers. Paste the key. We validate it with a no-op call to the provider's lightest endpoint. If validation fails the key is not stored.

How keys are stored

Per-workspace envelope encryption. Each workspace has a data encryption key wrapped by a key encryption key held in our KMS. Engineers cannot read your keys; the database row is ciphertext. The key never leaves our backend at request time except in the outbound HTTPS call to the provider you authorized. Full architecture in data residency & retention.

Rotation

Click rotate. We re-validate with the new key, swap the encrypted blob, and zeroize the old one. The old ciphertext is unrecoverable after rotation.

Through the API

curl -X POST https://api.paitho.ai/v1/providers/anthropic \
          -H "Authorization: Bearer $PAITHO_TOKEN" \
          -H "Content-Type: application/json" \
          -d '{"key": "sk-ant-..."}'

The endpoint returns a provider_id you can reference in routing rules. Routing & fallbacks.