Hand us your provider keys. We still can't read them.
BYOK lets you route OpenAI, Anthropic, Google, and DeepSeek through SafeRouter on your own keys. Each key is sealed inside the same AMD SEV-SNP enclave that already serves production, so SafeRouter forwards on your behalf at zero markup while the key stays invisible to our operators, the host, and the cloud provider.
in testing · early access rolling outA model gateway is a middleman that can read your keys
Every multi-model router sits between your application and the model providers. To call those providers it holds your most sensitive secret: the API keys that bill your accounts and reach your data. On a normal gateway those keys live in plaintext in someone else's process memory, readable by their operators and anyone who compromises their host. You are trusting a promise.
The enclave is already running. BYOK extends it to your keys.
SafeRouter already serves production from inside an AMD SEV-SNP hardware enclave. Memory is encrypted by the CPU, the workload is measured, and anyone can re-verify that measurement and signature in their browser on the verifier page. BYOK pulls your provider keys inside that boundary: the key is sealed on arrival, used only inside the enclave to reach the upstream model, and never written to disk or logs in clear. The property is enforced by hardware and attested, so it is verifiable rather than a policy you have to take on faith.
Seal, route, verify
Submit your key
Paste an OpenAI, Anthropic, Google, or DeepSeek key. It enters the enclave over an encrypted channel and is sealed to the measured workload. After that it only ever appears as a masked fingerprint.
We call upstream on your key
SafeRouter forwards your request to the provider from inside the enclave using your sealed key. Your prompt and your key never leave that boundary in clear, and you pay the provider directly at their list price.
Check it yourself
Re-verify the enclave measurement and signature in your browser, and pull a per-call receipt from the transparency log. The code that handles your key is the binary you measured.
What you get
We never see your key
Your provider key lives only inside the SEV-SNP enclave. SafeRouter operators, the host OS, and the cloud provider cannot read it, and the hardware attests to that.
Subscription, not a token tax
Pay your providers directly at their published rates. On your own keys SafeRouter adds no per-token markup. You pay a flat subscription for routing, governance, and verifiable logs.
Keep your own terms
Your enterprise agreements, committed-use discounts, and rate limits with each provider stay yours. SafeRouter sits in front as the confidential, auditable gateway.
Proof, not a promise
Every call still lands in an append-only hash chain with a per-call receipt. You can confirm which model answered and that the enclave handling your key is the one you verified.
Bring your own key, or let us manage it
Use your own provider keys, sealed in the enclave. Best for teams with their own provider contracts and volume.
- You pay providers directly at list price
- Flat subscription for routing and governance
- Keys never leave the enclave in clear
Top up a balance and let SafeRouter handle provider keys for you. Best for getting started fast with no provider accounts of your own.
- One balance across every model
- No provider contracts to manage
- Available today on the credits page
Sealed keys
Add an upstream provider key. It is sealed inside the enclave the moment it arrives, only the ciphertext is stored, and it is never shown again. Remove it any time.
Request BYOK early access
Tell us which providers you route and your monthly volume. We'll reach out as the sealed key vault rolls out to your account.
The enclave, attestation, and transparency log are live and independently verifiable today. The sealed key vault is what BYOK adds on top. Prefer email? Write to hello@sumplus.xyz.