Skip to content
Eiryx Docs

API Keys (BYOK)

Eiryx uses BYOK (Bring Your Own Key). You provide your own AI provider API key. Your key, your costs, full transparency.

Supported Providers

ProviderKey FormatModels Available
OpenRouter (recommended)sk-or-v1-...All models (routes to any provider)
Anthropicsk-ant-...Claude Haiku 4.5, Sonnet 4.6, Opus 4.6
Google AIAI...Gemini 3 Flash, Gemini 3.1 Pro

OpenRouter is recommended because a single key gives access to all models from all providers.

Setup

  1. Go to Settings in the Eiryx dashboard
  2. Click Add API Key
  3. Select the provider
  4. Paste your API key
  5. Click Save

The key is validated on save (a test call is made to verify it works).

Encryption

All API keys are encrypted before being stored in the database:

  • Algorithm: AES-256 via Fernet (symmetric encryption from the cryptography Python library)
  • Key storage: The encryption key (ENCRYPTION_KEY) is an environment variable on the server, never in the database
  • At rest: The database column contains only the encrypted ciphertext
  • In transit: HTTPS between your browser and the API server
  • In memory: Keys are decrypted only at the moment of an API call, then immediately discarded

We never log, print, or expose your API key. All log output sanitizes keys to [***HIDDEN***].

Cost Transparency

Eiryx tracks token usage and cost for every task. You can see:

  • Per-task cost in the Task Detail page
  • Total cost in the Dashboard
  • Cost breakdown in every Pull Request (model, input tokens, output tokens, total USD)

The cost is calculated from the model registry pricing and actual token counts reported by the provider.