A secure browser wallet for your LLM API keys and auth tokens. Connect to any app — your keys never leave the extension.
Add the byoky extension to Chrome, Firefox, or Safari. Set a master password to encrypt your vault.
Paste API keys or sign in with OAuth. Everything is encrypted locally with AES-256-GCM. Multiple keys per provider.
Visit any byoky-enabled app. Approve access in one click. Your keys stay in the vault — always.
Use your favorite provider SDK with byoky's fetch proxy. Two extra lines. Full API compatibility. Keys never touch your app.
npm install @byoky/sdkWorks with the official Anthropic, OpenAI, and Gemini SDKs. Just swap in byoky's fetch.
Full SSE streaming support through the extension proxy. No special handling needed.
Detect which providers the user has. Request specific providers or accept any available one.
import Anthropic from '@anthropic-ai/sdk';
import { Byoky } from '@byoky/sdk';
const byoky = new Byoky();
const session = await byoky.connect({
providers: [{ id: 'anthropic', required: true }]
});
// Use the native Anthropic SDK — keys never exposed
const client = new Anthropic({
apiKey: session.sessionKey,
fetch: session.createFetch('anthropic'),
});Security isn't a feature — it's the entire point.
Keys are encrypted with a password-derived key using PBKDF2 with 600,000 iterations. Web Crypto API — no dependencies.
API keys never leave the extension process. Apps receive temporary session tokens. The extension proxies every request.
Every API request is logged with the app origin, provider, status, and timestamp. Complete visibility into credential usage.
No cloud. No telemetry. No tracking. Everything is stored on your device, encrypted behind your master password.
Bring credentials from any supported provider.
More providers coming. Or add any provider with a custom API key.
byoky is fully open source under the MIT license. Audit the code, contribute, or fork it.
Star on GitHubMIT License — free forever.