Bring Your Own LLM Key
Encrypted customer-supplied credentials, tenant-scoped resolution, and traceable AI activity — without losing control of your provider relationship.
Your provider account, your governance.
Organization-Controlled Provider Access
BYOL allows a customer to use its own supported AI provider account rather than relying only on a platform-wide credential. Depending on product configuration, supported providers may include OpenAI, Groq, and Google Gemini.
- —Provider relationship and terms
- —Model availability
- —Usage limits and billing
- —Key revocation
- —Provider-side logs and settings
- —Geographic or account configuration
- —Internal approval of models
Encrypted Key Storage
Customer-provided credentials are encrypted before database storage. AES-256-GCM with a unique IV and authentication tag protects the value against unauthorized disclosure and modification.
The interface should never return the complete decrypted key after it is saved. Administrators should see a masked state and replace the key when rotation is required.
Tenant-Level Separation
Each key belongs to a specific organization. Provider configuration and usage must be resolved from authenticated tenant context, preventing one organization from using another tenant’s credential.
AI Transaction Traceability
BYOL can be combined with hashed AI transaction logs. This helps teams correlate model activity with the relevant organization, provider, model, and request fingerprint without creating a second complete copy of sensitive payload content.
Cost and Vendor Governance Benefits
- —Direct provider cost visibility
- —Organization-specific budgets and rate limits
- —Reduced platform lock-in
- —Faster provider revocation
- —Independent provider-side governance
- —Flexible routing between fast and high-reasoning models
Shared Responsibility
The customer remains responsible for protecting its provider account, limiting key permissions, monitoring usage, configuring provider data controls, rotating credentials, reviewing provider terms, and responding to suspected compromise.
Rumbe remains responsible for protecting the key within the product boundary according to the contracted service and deployed architecture.
Frequently asked questions
Can each Rumbe tenant use a different LLM key?+
The mapped design supports organization-specific provider configuration and encrypted customer-supplied credentials.
Will Rumbe show the saved key again?+
A secure implementation should not expose the complete decrypted key through the interface after storage. Replacement is safer than redisplay.
Does BYOL eliminate all AI provider risk?+
No. It improves control but the customer must still evaluate provider terms, data handling, logging, residency, and model behavior.
Can BYOL help reduce vendor lock-in?+
Yes. Rumbe’s model-agnostic orchestration and tenant-level credentials can make it easier to change approved providers or models.
Evaluate Rumbe AI for your environment.
Vovance Inc. can discuss Rumbe AI’s architecture, available controls, deployment assumptions, and contractual options for your use case.