Open-source browser extension

MetaMask for AI.

A secure browser wallet for your LLM API keys and setup tokens. Connect to any app — your keys never leave the extension.

Install ExtensionTry the DemoView on GitHub

How it works

Install the wallet

Add the Byoky extension to Chrome, Firefox, or Safari. Set a master password to encrypt your vault.

Add your keys

Paste API keys or add a Claude setup token. Everything is encrypted locally with AES-256-GCM. Multiple keys per provider.

Connect to any app

Visit any Byoky-enabled app. Approve access in one click. Your keys stay in the vault — always.

Integrate in minutes.

Use your favorite provider SDK with Byoky's fetch proxy. Two extra lines. Full API compatibility. Keys never touch your app.

npm install @byoky/sdk

Native SDK compatibility

Works with official SDKs from Anthropic, OpenAI, Gemini, Mistral, and 11 more providers. Just swap in Byoky's fetch.

Streaming out of the box

Full SSE streaming support through the extension proxy. No special handling needed.

Backend relay

Your server makes LLM calls through the user's browser via WebSocket. Keys never leave the extension — even server-side.

CLI & local apps

The Byoky Bridge lets CLI tools and desktop apps route through the wallet via a local HTTP proxy. Keys stay in the extension.

app.ts
import Anthropic from '@anthropic-ai/sdk';
import { Byoky } from '@byoky/sdk';

const byoky = new Byoky();
const session = await byoky.connect({
  providers: [{ id: 'anthropic', required: true }]
});

// Use the native Anthropic SDK — keys never exposed
const client = new Anthropic({
  apiKey: session.sessionKey,
  fetch: session.createFetch('anthropic'),
});

Built for paranoia.

Security isn't a feature — it's the entire point.

AES-256-GCM encryption

Keys encrypted with PBKDF2 (600K iterations). 12-character minimum with real-time strength meter. Web Crypto API — no dependencies.

Zero key exposure

API keys never leave the extension process. Apps receive temporary session tokens. The extension proxies every request.

Full audit log

Every API request is logged with the app origin, provider, status, and timestamp. Complete visibility into credential usage.

Spending caps

Set token allowances per app — total or per provider. The proxy enforces limits so no app can overspend.

Encrypted vault backup

Export your vault as an encrypted .byoky file with a separate backup password. Import on any device.

Local only

No cloud. No telemetry. No tracking. Everything is stored on your device, encrypted behind your master password.

Your providers.

15 providers supported. Bring credentials from any of them.

Anthropic
API Key + Setup Token
OpenAI
API Key
Google Gemini
API Key + OAuth
Mistral
API Key
xAI (Grok)
API Key
DeepSeek
API Key
Cohere
API Key
Groq
API Key
Perplexity
API Key
Together AI
API Key
Fireworks AI
API Key
OpenRouter
API Key
Hugging Face
API Key + OAuth
Replicate
API Key
Azure OpenAI
API Key
Integration

Works with OpenClaw

Use your Byoky wallet as the key provider for OpenClaw.

The OpenClaw plugin connects through the Byoky Bridge — a local HTTP proxy that routes every API call through your extension. Your keys never leave the wallet, even when OpenClaw makes requests from the CLI.

OpenClaw
Bridge
Extension
LLM API
View PluginBridge Docs

Built in the open.

Byoky is fully open source under the MIT license. Audit the code, contribute, or fork it.

Star on GitHub

MIT License — free forever.