Your agents.
Your rules.
Lumkey sits between your agents and model providers — enforcing policies, logging every call, and keeping your credentials off the wire.
The problem
Every agent gets a master key.
Nobody's watching.
AI agents need to call model providers. So teams hand each one a raw API key — direct, unrestricted access to OpenAI or Anthropic. No scope. No policy. No oversight. It works until it doesn't.
Key sprawl
One raw key ends up in ten places — env files, CI pipelines, agent scripts, contractor laptops. Revoking it breaks everything. Rotating it is a project.
No enforcement
Nothing stops an agent from going over budget, leaking sensitive prompts, or making calls you never intended. There is no layer to intercept, block, or hold for review.
No record
When something goes wrong — a runaway cost spike, a data leak, an unexpected tool call — there's no log of what happened, who triggered it, or why it was allowed.
How it works
Three steps to a safer control plane.
No agent code changes required. Swap the endpoint, issue a key, attach a policy.
What Lumkey does
One control layer.
Four core guarantees.
Safe access
Agents use Lumkey keys instead of raw provider keys. Rotate, revoke, or scope any key without changing your agent code.
Real-time control
Every request can be allowed, blocked, redacted, held for approval, or logged — before it reaches the provider.
Trust and auditability
Every decision is traceable. Logs, policy matches, and provenance data give you a complete chain of custody.
Practical security
Strong secret handling and access controls designed around low-friction operational workflows, not security theater.
Policy engine
Define exactly what agents are allowed to do.
Allow or block
Rules that run before requests reach the provider
Set policies per key. Allow specific models, block prompt patterns, redact PII before it leaves, or hold requests for manual review — without touching agent code.
Inspect
Full access to prompt and tool call content
Policies can read the full request: prompt text, tool call arguments, model selection, and metadata. No black boxes.
No redeploy
Change behavior at runtime
Policy changes take effect immediately. Patch a rule without pushing new agent code or restarting services.
Audit log
A complete record of every request.
Full context
Key, user, provider, policy decision — all captured
Every call through Lumkey is logged with the key used, the provider targeted, which policy matched, and the final decision.
Export
SIEM, compliance, and incident response ready
Pipe audit events into your existing security tooling. Export records for compliance reviews. Reconstruct exactly what happened after an incident.
Human approvals
Keep humans in the loop where it matters.
Hold queue
Pause sensitive actions until a human reviews
Lumkey can hold requests matching certain patterns — destructive tool calls, high-budget prompts, anything your policy marks sensitive — until a human releases or rejects.
Notifications
Slack and webhook integrations
When a request is held, your team gets notified immediately. Review, approve, or reject directly from the notification.
Key security
Keys shown once.
Stored as hashes.
Never returned.
Lumkey uses a controlled-service trust model. Provider credentials are wrapped and stored as ciphertext. The management API is designed to redact provider secrets after creation — this is by design, not omission.
Security guarantees
- Provider credentials stored as protected ciphertext
- Keys shown once — stored only as hashes
- Database access alone cannot reveal customer provider keys
- Runtime-only decryption via KMS-backed key wrapping
Pricing
Simple, honest plans.
Product and engineering teams
Pro
- Human approvals
- Anomaly scoring
- HDP provenance
- Webhook integrations
Large orgs and critical deployments
Enterprise
- SSO / SCIM
- SIEM export
- Self-hosting option
- Extended log retention
Free plan requires no credit card. No sales call required to evaluate.
Start evaluating Lumkey today.
No credit card. No sales call. No heavy setup.