Overview
Use the Admin API to store API keys in the per-workspace KeyVault.
Prerequisites
- Workspace admin access with permission ai.configure
- Valid API keys for one or more providers (OpenAI, Anthropic, Gemini, Mistral, Hugging Face)
Permissions required
Steps (3)
-
1
Open Provider Keys
From AI Hub, choose “Provider Keys”. Or call GET /AdminApi.php?provider=openai to check existing credentials.
Tips
—
Validation
- If GET returns {"ok":true,"creds":{…}}, the vault is reachable.
Success criteria
—
-
2
Save credentials to KeyVault
POST /AdminApi.php with {"provider":"openai","creds":{"api_key":"sk-…"}}. Repeat for other providers as needed.
Tips
—
Validation
—
Success criteria
- Admin API returns {"ok":true}.
-
3
Verify encryption & rotation
Ensure AI_KEYRING_SECRET is set for AES-256-GCM. For rotations, provide comma-separated secrets; old keys remain valid for decrypt.
Tips
- Keep the old secret to the right of the comma until all creds are verified with the new key.
Validation
—
Success criteria
—
About this guide
AI Hub centralizes generative AI for your workspace with a single, policy-aware gateway to multiple providers. Teams get a streamlined chat experience with searchable history and feedback, a minimal Query API for quick prompts, and embeddings for retrieval workflows. Operators gain visibility with usage & cost tracking, quotas, and exportable audit logs.
Choose the best model for each task, fail over between providers, and moderate inputs/outputs with block/warn/allow policies. Keys are encrypted at rest and scoped per workspace. Long-running tasks run on a background worker and broadcast events so other apps can react in real time.
Designed for safety and speed: opinionated defaults, least-privilege access, and drop-in APIs that make it easy to bring AI to every surface of Velaxe.