Join
1
1 Comment

A behind-the-scenes look at how we manage LLM keys without seeing user data

by Kevin Tayong

As we started shipping more LLM-powered features, one problem kept coming up: API keys and cost visibility.

Between multiple providers, different environments, and growing usage, it became hard to answer basic questions:

  1. Where are the keys?
  2. Who’s using what?
  3. How much is this actually costing us?

We didn’t want a solution that required logging prompts or responses, or pulling sensitive data into a central backend.

So we built our own setup.

At a high level:

  • API keys are encrypted client-side and never stored in plaintext
  • We use a single virtual key instead of juggling provider-specific keys
  • Usage tracking is metadata-only (token counts, model names, timing)
  • No prompts or responses are collected
  • Inference stays on the client, so it works with cloud APIs and local models like llamafile

We ran this quietly in a small alpha to see if it held up in real usage.

It is now in open beta and free.

We’re fixing issues as they come up.

I’m sharing this mostly to sanity-check the approach with other builders:

  • How are you handling LLM keys today?
  • At what point did cost tracking become painful for you?
  • What’s missing for this to be actually useful day-to-day?
Avatar for Kevin Tayong Kevin Tayong
on January 20, 2026
Say something nice to Kevin_T…
Post Comment
  1. 1

    This resonates — I'm building an AI-powered tech news aggregator and managing API costs across multiple providers is one of those "hidden complexity" problems that compounds quickly.

    To your questions:

    How I'm handling keys today:
    Environment variables + provider-specific dashboards. It works, but I'm checking 3-4 different dashboards to understand monthly spend. The "virtual key" abstraction you mention sounds like it would simplify this significantly.

    When cost tracking became painful:
    Around $50-100/month. At that point, I needed to know which features were driving costs, not just total spend. Token counts by endpoint would've been helpful.

    What would make this useful day-to-day:

    • Alerts when usage spikes unexpectedly (e.g., "You're on track to spend 3x more than last week")
    • Per-feature breakdowns if you're running multiple AI features
    • Comparison view across providers (for those of us still deciding between Claude vs GPT for different tasks)

    The "no prompts/responses logged" part is important — that's usually the dealbreaker for trying third-party key management solutions.

    Are you planning to support cost estimation before requests? That would be huge for setting up rate limits or showing users "this action costs ~X tokens."

    User Avatar yamamoto7
    ·
    8 hours ago
    ·
    Reply
Trending on Indie Hackers
710% Growth on my tiny productivity tool hit differently, here is what worked in January User Avatar 64 comments Write COLD DM like this and get clients easily User Avatar 30 comments I built a tool to search all my messages (Slack, LinkedIn, Gmail, etc.) in one place because I was losing my mind. User Avatar 26 comments You roasted my MVP. I listened. Here is v1.3 (Crash-proof & 100% Local) User Avatar 26 comments Our clients have raised over $ 2.5 M in funding. Here’s what we actually do User Avatar 14 comments 🚀 I Built a Chrome ExtensionThat Turns Reddit Into a Real-Time Lead & Research Engine(Free for First 10 Users) User Avatar 10 comments