
    Guide

    BYOK: bringing your own AI keys for government prototyping

    Why public-sector procurement teams ask for bring-your-own-key, what it actually buys you, and how Vibe handles it in practice.

    Updated
    16 May 2026
    8 min read

    BYOK stands for bring-your-own-key. In an AI tool context: the customer supplies their own API key for the underlying model provider (Anthropic, Google, OpenAI), and the tool uses that key for the customer’s workload instead of billing the AI usage through its own account.

    For UK government service teams, BYOK comes up early in procurement. This guide is what we tell teams who are about to ask for it: what it changes, what it doesn’t, and the contract terms worth checking.

    Why public-sector procurement asks for BYOK

    Three reasons, in roughly the order they come up:

    • Direct contractual relationship with the AI provider. The department holds its own Data Processing Agreement (DPA) with Anthropic or Google rather than relying on the tool’s sub-processor terms. The legal team can read and audit that DPA directly.
    • Data residency. The customer’s API contract specifies where requests are routed and where data is processed. If the department needs UK or EU residency, contracting directly with the provider is the cleanest path.
    • Auditable usage. Spend, request volumes and request content show up in the customer’s own provider dashboard, with whatever logging the customer has configured.

    What BYOK does not change

    The model still runs on the provider’s infrastructure. BYOK is a billing and contracting model; it isn’t self-hosted AI. The prompt still goes to Anthropic / Google / OpenAI; the response still comes back from them. What changes is whose name is on the invoice and the contract.

    It also doesn’t change anything about the tool’s own data handling. The platform still sees the prompts and outputs; they still flow through its servers; its own DPA still applies to that hop. BYOK addresses the model-provider relationship, not the tool-provider relationship.

    Contract terms worth checking

    When the procurement team asks the AI provider for the BYOK contract terms, these are the clauses that matter most:

    • Training opt-out. Confirm in writing that prompts and outputs are not used to train models. Both Anthropic and Google offer this for API customers, but it needs to be explicit on the contract.
    • Data residency. Specify the region in which requests are processed. Anthropic offers EU residency on request; Google offers regional routing through Vertex AI. Don’t assume; ask.
    • Retention. How long does the provider retain request and response data for abuse-monitoring purposes? 30 days is typical; it can be reduced on request.
    • Sub-processor list. Some providers route through hyperscaler infrastructure (AWS, GCP); confirm which sub-processors are in play and that the department’s existing data-protection assessments cover them.
    • Notification of changes. When the provider updates the model behind the API, or the sub-processor list, does the customer get notified? Departmental change-control processes need lead time.

    How Vibe handles BYOK

    In Vibe, BYOK is on every paid plan from Rising Vibes upwards. The implementation:

    • Keys are encrypted at rest with AES-256-GCM using an encryption key separate from platform credentials. The plaintext key is never written to disk or logs.
    • Keys are scoped to the workspace that entered them. A BYOK key cannot be used by any other workspace, even by the same user on a different team.
    • Key rotation is one-click. Replacing a key invalidates the previous version immediately; no in-flight request continues to use the old key.
    • The key is used only for the customer’s own workload. Vibe’s shared infrastructure (the landing page, the templates page, anything not behind your login) does not touch your key.
    • An audit log records every key event: created, used, rotated, revoked. It is available to the workspace owner.

    Detailed posture is in the confidentiality statement and the DPIA.

    When BYOK is the right call

    • The department’s procurement team requires a direct contractual relationship with the AI provider.
    • Data residency or sub-processor constraints require a contract Vibe’s standard terms don’t cover.
    • The department already has a negotiated API contract with the provider and prefers to consolidate spend there.
    • Internal audit requires AI usage to surface in the department’s own observability stack.

    When platform-billed is fine

    • The team is on Vibe’s Good Vibes or Rising Vibes plan and the standard sub-processor terms meet the department’s threshold.
    • The work is discovery or early alpha, where the procurement bar is lighter and the prototype is short-lived.
    • The team prefers a single invoice and doesn’t want another vendor to manage.

    Vibe.WithGov is an independent product, not affiliated with Anthropic, Google or the Government Digital Service. For contract-specific questions, the AI providers’ own procurement teams are the authoritative source. See the FAQ for more.