# How BoltAI handles your API keys

I take security & privacy very seriously when building BoltAI. In this blog post, I wanted to share more on how BoltAI handles your API keys and other credentials.

**TL;DR:**

* BoltAI stores your OpenAI API key securely in Apple Keychain.
* BoltAI encrypts other API keys using an encryption key. This key is stored securely in Apple Keychain.
* BoltAI sends requests directly to your AI service providers. There is no intermediate server.

### Bring your own keys

Unlike other AI apps where you pay a subscription to use their AI services, BoltAI allows you to bring your own keys (BYOK). This approach brings multiple benefits:

* You pay for what you use.
* Your requests are sent directly to the AI services, making it a lot faster.
* Avoid a [single point of failure](https://en.wikipedia.org/wiki/Single_point_of_failure). You can continue to use BoltAI even if my server is down.
* Protect your privacy. Your chats are not being routed to an intermediate server.

But it also raises a concern: are your API keys protected from malicious scripts and unauthorized access?

A simple solution: Keychain.

### What is Keychain Access?

If you're not familiar with Apple Keychain, it is a password management system used in Apple’s macOS and iOS operating systems. It securely stores and manages passwords, encryption keys, certificates, and sensitive data for applications and websites.

Unlike file-based storage such as a SQLite database, all data stored in the Keychain is encrypted using strong encryption algorithms (AES-256). Only authorized apps or services can decrypt and access the stored data.

On macOS, you can access it with Keychain Access. Search for it in Spotlight and look for entries created by BoltAI.

Sounds great, right?

<figure><img src="/files/MmUryu78stojukgtc2Hk" alt=""><figcaption><p>Keychain Access</p></figcaption></figure>

### How does BoltAI use Apple Keychain?

BoltAI persists your OpenAI API key directly to the Keychain and stores other API keys in the SQLite database, encrypted. The encryption key is stored securely in Keychain.

You may ask, why not store all of the API keys on Keychain?

The answer is, it's better for user experience. Let me explain.

When you upgrade your OS, or when you use multiple versions of BoltAI, there is a high chance that macOS will ask for your password every time you use BoltAI. It would not be a problem if it only asked once. But for some reason, macOS asks for the same password for every single password entry in Keychain.

If you have 10 API keys configured, you will need to enter the password 10 times. It's super annoying.

<figure><img src="/files/bnb9wU57GIJs3W2SBsmq" alt=""><figcaption></figcaption></figure>

### And that's it

I've been trying to write more help guides, tips and tricks using BoltAI. If you want to learn more about any topic, please let me know.

Thanks for your continued support 👋

