Skip to main content

Vendor API Key Management

LanOnasis provides a centralized Foreign API Key Manager to securely manage upstream vendor credentials across the platform.

Why a key manager?

Prevent leaked or hard‑coded vendor keys
Enable rotation without redeploys
Enforce auditability and access boundaries

Capabilities

Secure storage and retrieval
Rotation policies and scheduling
Audit logs for access and changes
Scoped access by project and role

Access patterns

REST endpoints via https://api.lanonasis.com
MCP tools via https://mcp.lanonasis.com

Clients should never embed upstream provider keys in application .env files. Use the manager APIs or tools instead.

Typical flows

Create or import a vendor key into the manager (scoped to a project).
Reference the key by handle/alias from services or tools.
Rotate per policy; consumers automatically pick up the new version.
Review audits and alerts for unusual access patterns.

Migration from embedded keys

Remove provider keys from app configs and .env files.
Store them in the manager and reference by handle.
See Changelog & Migration for phased steps.

Security & Privacy: Implementation Overview
MCP: Production Server

Why a key manager?
Capabilities
Access patterns
Typical flows
Migration from embedded keys
Related docs