RelayKey
Get started
For coding agents

Your AI agent needs an API key. It does not need the real one.

Give Claude Code, Codex, Cursor, Replit Agent, and Devin scoped RelayKeys they can use while you audit and revoke without exposing your real OpenAI, Anthropic, Stripe, or internal API key.

Get a management API tokenllms-full.txt
One call

Bulk-import a .env file, replace real keys with RelayKeys

POST any .env contents to /api/v1/import. RelayKey detects the vendor for each key, creates a protected integration, issues a disposable RelayKey, and returns the snippets you need to apply.

POST /api/v1/import
curl -X POST https://app.relaykey.ai/api/v1/import \
  -H "Authorization: Bearer rk_mgmt_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "env": "OPENAI_API_KEY=sk-real\nANTHROPIC_API_KEY=sk-ant-real\nRESEND_API_KEY=re_real",
    "default_ttl_seconds": 2592000
  }'

Each entry in the response includes a proxy_token, a proxy_base_url, and a snippets object with env, node, and python changes ready to paste in.

The recipe

Four steps, every time

  1. 01

    Find the keys

    Grep .env files and source for real vendor API keys. Any key an app or agent can leak is a candidate.

    bash
    grep -RhoE '^[A-Z_]+_(API_KEY|TOKEN|SECRET)=.+' \
  .env .env.local .env.production 2>/dev/null
  2. 02

    POST to /api/v1/import

    Send the keys as a .env paste. Get back proxy URLs and per-SDK snippets.

    curl
    curl -X POST https://app.relaykey.ai/api/v1/import \
  -H "Authorization: Bearer rk_mgmt_xxxxxxxx" \
  -H "Content-Type: application/json" \
  --data-binary @- < .env
  3. 03

    Apply the SDK snippets

    For each imported key, replace the real key in .env with the RelayKey, add the *_BASE_URL var, and pass baseURL to the SDK constructor. The pattern is the same for every SDK.

    .env diff
    - OPENAI_API_KEY=sk-real-master-key
+ OPENAI_API_KEY=rk_proxy_xxxxxxxx
+ OPENAI_BASE_URL=https://proxy.relaykey.ai/conn_xxx
  4. 04

    Verify with a single curl

    Hit a known-safe upstream path through the proxy. Confirm the request appears in the audit log.

    curl
    curl -i https://proxy.relaykey.ai/conn_xxx/v1/models \
  -H "Authorization: Bearer rk_proxy_..."
Before / after

The exact one-line change, per SDK

OpenAI (Node)
before
new OpenAI({
  apiKey: process.env.OPENAI_API_KEY,
});
after
new OpenAI({
  apiKey: process.env.OPENAI_API_KEY,
  baseURL: process.env.OPENAI_BASE_URL,
});
Anthropic (Node)
before
new Anthropic({
  apiKey: process.env.ANTHROPIC_API_KEY,
});
after
new Anthropic({
  apiKey: process.env.ANTHROPIC_API_KEY,
  baseURL: process.env.ANTHROPIC_BASE_URL,
});
ElevenLabs (Node)
before
new ElevenLabsClient({
  apiKey: process.env.ELEVENLABS_API_KEY,
});
after
new ElevenLabsClient({
  apiKey: process.env.ELEVENLABS_API_KEY,
  environment: process.env.ELEVENLABS_BASE_URL,
});
Resend (Node)
before
new Resend(process.env.RESEND_API_KEY);
after
new Resend(process.env.RESEND_API_KEY, {
  baseUrl: process.env.RESEND_BASE_URL,
});
Cloudflare (curl)
before
curl https://api.cloudflare.com/client/v4/zones \
  -H "Authorization: Bearer $CF_TOKEN"
after
curl https://proxy.relaykey.ai/conn_xxx/client/v4/zones \
  -H "Authorization: Bearer rk_proxy_..."
Stripe (Python)
before
stripe.api_key = os.environ["STRIPE_SECRET_KEY"]
after
stripe.api_key = os.environ["STRIPE_SECRET_KEY"]
stripe.api_base = os.environ["STRIPE_BASE_URL"]
References

Files an agent should read

Ready to make agent keys disposable?

Get a management API token and post a .env. The response gives your agent scoped RelayKeys and the code changes needed to stop using real production keys.

Get a management API token