Is it safe to give an AI tool your API keys?

An API key is the thing that lets an app talk to Claude or OpenAI on your behalf, and it can run up a bill. So when an app asks for it, you're right to stop and ask where that key ends up. Most of the time, the answer is "on their servers," and that's the part worth thinking about.

What you're actually handing over

A key that can spend money is a key that can be leaked, logged, or misused. When you paste it into a hosted app, it travels to that company's servers and sits there so the app can make calls for you. You're trusting that they store it well, don't get breached, and don't quietly use it for more than you agreed to. That trust might be well placed, but it's still trust in a company you can't see inside of.

The version where the key never leaves your side

There's a different arrangement: the key goes onto a machine you own, and never touches the app maker's servers at all. That's how Wetlether is built. Your key sits on your own box, in your own cloud, and the calls to the AI go straight from your box to the provider — the same path you'd use if you called them yourself.

We never receive your key, never store it, and never proxy your requests through us. There's no server of ours for it to sit on, so there's nothing on our side to leak or misuse.

The part that's true no matter what tool you use

Your AI provider still sees the requests you send on your key — that's unavoidable, because they're the one running the model. What you can remove is the extra company in the middle holding a copy of your key. That middleman is the part that doesn't have to exist, and removing it is most of the safety you were worried about.

The catch. Keeping the key on your own machine means you run that machine — a box in your own cloud, a few dollars a month, and you bring your own AI accounts. It's more setup than pasting a key into a website, and that's the trade for the key staying yours.

See how it works →

Wetlether — your keys stay on a box you own.

Keep reading