Problem: Every AI app wants you to paste your OpenAI/Anthropic key. Keys spread across dozens of apps with zero visibility, and you can only revoke by rotating the key itself.
Proposal: OKAP (Open Key Access Protocol) - like OAuth, but for API keys.
How it works:
1. Keys stay in YOUR vault (self-host or hosted)
2. Apps request access via token (scoped to provider, models, expiry)
3. Vault proxies requests - apps never see your actual key
4. Revoke any app instantly without touching your master key
Not to be confused with LiteLLM/OpenRouter (those are proxies you pay for). OKAP is a protocol for user-owned key management - your keys, your vault, your control.
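To make the four steps above concrete, here is a small Python model of the flow, written as an added illustration for this post; it is not the OKAP spec, not the `okap` SDK, and not code from okap.dev. It assumes a vault that keeps the real provider key, issues per-app tokens scoped to a provider, a model list and an expiry, proxies each call through a provider function, and keeps an audit log so the user can see who used what. Provider names, model names and the key value are constructed placeholders; the vault stores only a hash of each token so a leaked vault database does not hand out usable tokens.

```python
"""Toy model of a user-owned key vault: apps hold scoped tokens, never the key."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Constructed placeholder key; a real vault would hold the user's provider key.
CONSTRUCTED_KEY = "sk-constructed-example-key"


@dataclass
class Grant:
    """One app's scoped access: which provider, which models, until when."""
    provider: str
    models: frozenset
    expires_at: float
    revoked: bool = False


@dataclass
class Vault:
    """Holds the real provider keys; apps only ever receive vault-issued tokens."""
    provider_keys: dict                          # provider -> real key, never returned
    grants: dict = field(default_factory=dict)   # sha256(token) -> Grant
    audit: list = field(default_factory=list)    # (time, token_id, provider, model, outcome)

    @staticmethod
    def _token_id(token):
        # Store and log only a hash of the token, not the token itself.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_token(self, provider, models, ttl_seconds, now=None):
        """Step 2: an app asks for access; it gets a scoped token, not the key."""
        if provider not in self.provider_keys:
            raise KeyError(f"no key stored for provider {provider!r}")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.grants[self._token_id(token)] = Grant(
            provider, frozenset(models), now + ttl_seconds)
        return token

    def revoke(self, token):
        """Step 4: cut off one app without touching the provider key."""
        grant = self.grants.get(self._token_id(token))
        if grant is None:
            return False
        grant.revoked = True
        return True

    def proxy(self, token, model, payload, upstream, now=None):
        """Step 3: check the token's scope, then call the provider with the real key."""
        now = time.time() if now is None else now
        tid = self._token_id(token)
        grant = self.grants.get(tid)
        try:
            if grant is None or grant.revoked:
                raise PermissionError("unknown or revoked token")
            if now >= grant.expires_at:
                raise PermissionError("token expired")
            if model not in grant.models:
                raise PermissionError(f"model {model!r} not in token scope")
            result = upstream(grant.provider, self.provider_keys[grant.provider],
                              model, payload)
        except PermissionError as exc:
            provider = grant.provider if grant else None
            self.audit.append((now, tid[:8], provider, model, f"denied: {exc}"))
            raise
        self.audit.append((now, tid[:8], grant.provider, model, "ok"))
        return result


def fake_upstream(provider, key, model, payload):
    """Stand-in for the provider API (constructed): validates the key, never echoes it."""
    if key != CONSTRUCTED_KEY:
        raise RuntimeError("upstream rejected key")
    return {"provider": provider, "model": model, "text": payload["prompt"].upper()}


if __name__ == "__main__":
    vault = Vault({"example-provider": CONSTRUCTED_KEY})
    tok = vault.issue_token("example-provider", ["model-a"], ttl_seconds=3600, now=1000.0)
    print(vault.proxy(tok, "model-a", {"prompt": "hello"}, fake_upstream, now=1500.0))
    vault.revoke(tok)
    for entry in vault.audit:
        print(entry)
```

The point of the model is the separation of concerns: the app can only ever present its token, every call is checked against provider, model list and expiry before the vault touches the key, and the audit list gives the per-app visibility that pasting a raw key into each app does not.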
Working implementation:
- Hosted vault: https://vault.okap.dev
- Python SDK: pip install okap
- Spec: https://okap.dev
Looking for feedback. Would you use this for your AI tools? What's missing?