How BoltAI handles your API keys

I take security & privacy very seriously when building BoltAI. In this blog post, I wanted to share more on how BoltAI handles your API keys and other credentials.

TL;DR:

  • BoltAI stores your OpenAI API key securely in Apple Keychain.

  • BoltAI encrypts other API keys using an encryption key. This key is stored securely in Apple Keychain.

  • BoltAI sends requests directly to your AI service providers. There is no intermediate server.

Bring your own keys

Unlike other AI apps where you pay a subscription to use their AI services, BoltAI allows you to bring your own keys (BYOK). This approach brings multiple benefits:

  • You pay for what you use.

  • Your requests are sent directly to the AI services, making it a lot faster.

  • Avoid a single point of failure. You can continue to use BoltAI even if my server is down.

  • Protect your privacy. Your chats are not being routed to an intermediate server.

But it also raises a concern: are your API keys protected from malicious scripts and unauthorized access?

A simple solution: Keychain.

What is Keychain Access?

If you're not familiar with Apple Keychain, it is a password management system used in Apple’s macOS and iOS operating systems. It securely stores and manages passwords, encryption keys, certificates, and other sensitive data for applications and websites.

Unlike file-based storage such as a SQLite database, all data stored in the Keychain is encrypted using strong encryption algorithms (AES-256). Only authorized apps or services can decrypt and access the stored data.

On macOS, you can access it with Keychain Access. Search for it in Spotlight and look for entries created by BoltAI.

Sounds great, right?

How BoltAI uses Apple Keychain

BoltAI persists your OpenAI API key directly to the Keychain, and stores the other API keys encrypted in the SQLite database. The encryption key for those entries is stored securely in the Keychain.

You may ask, why not store all of the API keys on Keychain?

The answer is, it's better for user experience. Let me explain.

When you upgrade your OS, or when you use multiple versions of BoltAI, there is a high chance that macOS will ask for your password every time you use BoltAI. It would not be a problem if it only asked once. But for some reason, macOS asks for the same password for every single password entry in the Keychain.

If you have 10 API keys configured, you will need to enter the password 10 times. It's super annoying.
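To make the scheme above concrete, here is an added example (not BoltAI's own code) of one Keychain-backed envelope-encryption helper: a single random 256-bit key is kept as one Keychain entry, and each provider API key is sealed with AES-GCM under it before it goes into the app database. The service and account names, the `KeyStore` type and the `KeychainError` type are placeholders chosen for this illustration.

```swift
import Foundation
import Security
import CryptoKit

enum KeychainError: Error { case status(OSStatus), badCiphertext }

// Hypothetical helper: one Keychain item holds the database encryption key,
// so the user is prompted (at most) once instead of once per API key.
enum KeyStore {
    static let service = "com.example.keystore-demo"  // placeholder, not BoltAI's identifier
    static let account = "db-encryption-key"

    // Load the encryption key from the Keychain, creating it on first run.
    static func encryptionKey() throws -> SymmetricKey {
        var query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecReturnData as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne,
        ]
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        if status == errSecSuccess, let data = item as? Data {
            return SymmetricKey(data: data)
        }
        guard status == errSecItemNotFound else { throw KeychainError.status(status) }
        // First run: generate a fresh random key and persist it in the Keychain.
        let key = SymmetricKey(size: .bits256)
        query.removeValue(forKey: kSecReturnData as String)
        query.removeValue(forKey: kSecMatchLimit as String)
        query[kSecValueData as String] = key.withUnsafeBytes { Data($0) }
        let addStatus = SecItemAdd(query as CFDictionary, nil)
        guard addStatus == errSecSuccess else { throw KeychainError.status(addStatus) }
        return key
    }

    // Encrypt a provider API key; the returned blob (nonce || ciphertext || tag)
    // is what would be written to the SQLite database.
    static func seal(apiKey: String) throws -> Data {
        let key = try encryptionKey()
        let box = try AES.GCM.seal(Data(apiKey.utf8), using: key)
        guard let combined = box.combined else { throw KeychainError.badCiphertext }
        return combined
    }

    // Decrypt a stored blob back to the plaintext API key; a tampered blob fails here.
    static func open(stored: Data) throws -> String {
        let key = try encryptionKey()
        let box = try AES.GCM.SealedBox(combined: stored)
        return String(decoding: try AES.GCM.open(box, using: key), as: UTF8.self)
    }
}
```

Because AES-GCM is authenticated, any modification of the stored ciphertext (or use of a different key) makes `open` throw rather than return garbage, which is the property you want when the database file itself is readable by other processes.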

And that's it

I've been trying to write more help guides, tips, and tricks for using BoltAI. If you want to learn more about any topic, please let me know.

Thanks for your continued support 👋
