Security | June 16, 2026 | 7 min read

Managing AI API Keys Securely: OpenAI, Anthropic, and Google

AI API keys are expensive when leaked. A single exposed OpenAI key can rack up thousands in charges overnight. Here's how to manage them properly.

The Cost of a Leaked AI Key

AI API keys are not like most API keys. They provide direct access to pay-per-use services with no natural rate limit. A leaked OpenAI key can generate thousands of dollars in charges within hours as automated scripts make expensive model calls. Anthropic and Google AI keys carry the same risk. Unlike a leaked GitHub token that can be rotated with minimal damage, a leaked AI key results in immediate financial impact.

Despite this, developers routinely store these keys in some of the least secure places imaginable: shell configuration files, .env files in project directories, and plaintext config files that get accidentally committed to git repositories.

Where Keys Typically Live (and Shouldn't)

Here are the most common places developers store AI API keys and the risks associated with each:

Location                     Risk     How It Leaks
~/.zshrc or ~/.bashrc        High     Pushed to dotfiles repo on GitHub
.env in project directory    High     Committed to git, even with .gitignore
Environment variable in CI   Medium   Logs, error messages, debug output
Plaintext config file        High     Backup tools, file sharing, screenshots
ConfigSync encrypted vault   Low      AES-128 encrypted, master password required

The most common mistake is putting OPENAI_API_KEY="sk-..." directly in .zshrc. This works, but it means the key exists in plaintext on disk and gets included in any dotfile backup or sync. If you push your shell config to a public GitHub repo — even briefly — bots will find and abuse the key within minutes.
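A small scanner for the leak paths in the table above, run over constructed sample lines from a .zshrc and a .env file. This is an added illustration, not ConfigSync code; the key prefixes come from the post, while the minimum key lengths and the file contents are assumptions built for the example. Findings are reported masked so the scanner itself never echoes a full key into logs or CI output.

```python
import re

# Key shapes inferred from the prefixes shown in this post (sk-proj-, sk-ant-, AIzaSy).
# The minimum tail lengths are assumptions for this example, not provider specifications.
KEY_PATTERNS = {
    "openai": re.compile(r"sk-proj-[A-Za-z0-9_-]{16,}"),
    "anthropic": re.compile(r"sk-ant-[A-Za-z0-9_-]{16,}"),
    "google": re.compile(r"AIzaSy[A-Za-z0-9_-]{16,}"),
}


def mask(secret: str) -> str:
    """Show enough of a key to locate it, never enough to reuse it."""
    return secret[:8] + "..." + secret[-4:]


def scan_file_lines(path: str, lines) -> list:
    """Return one finding per key-shaped token found in the given lines.

    Comment lines are scanned too: a commented-out key in a dotfile is still a
    plaintext key on disk and still gets pushed with the dotfiles repo."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for provider, pattern in KEY_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({
                    "file": path,
                    "line": lineno,
                    "provider": provider,
                    "preview": mask(match.group()),
                })
    return findings


# Constructed sample files; the key values are placeholders, not real credentials.
SAMPLE_ZSHRC = [
    'export PATH="$HOME/bin:$PATH"',
    'export OPENAI_API_KEY="sk-proj-CONSTRUCTEDEXAMPLE0000000000"',     # literal key
    '# export ANTHROPIC_API_KEY="sk-ant-CONSTRUCTEDEXAMPLE0000000000"', # commented out, still leaks
    'eval "$(configsync secret inject)"',                                # no literal key: clean
]
SAMPLE_ENV = [
    "GOOGLE_AI_KEY=AIzaSyCONSTRUCTEDEXAMPLE000000000",
    "DEBUG=true",
]

if __name__ == "__main__":
    for finding in scan_file_lines("~/.zshrc", SAMPLE_ZSHRC) + scan_file_lines(".env", SAMPLE_ENV):
        print(f"{finding['file']}:{finding['line']} {finding['provider']} key {finding['preview']}")
```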

The ConfigSync Approach: Encrypted Vault

ConfigSync provides two mechanisms for handling AI API keys: the secret vault for individual keys and encrypted .env file tracking for project-specific configurations.

Store AI API keys in the encrypted vault
    # Store each key in the encrypted vault
    configsync secret set OPENAI_API_KEY
    # Enter: sk-proj-xxxxxxxxxxxxxxxx
    configsync secret set ANTHROPIC_API_KEY
    # Enter: sk-ant-xxxxxxxxxxxxxxxx
    configsync secret set GOOGLE_AI_KEY
    # Enter: AIzaSyxxxxxxxxxxxxxxxx
    # Keys are encrypted with AES-128 (Fernet) using your master password
    # Each secret gets its own salt for additional security

Secrets are encrypted locally before they ever leave your machine. The encryption uses PBKDF2 key derivation from your master password with per-secret salts, then Fernet (AES-128-CBC) for the actual encryption. Even if someone gains access to your ConfigSync storage, they cannot read your keys without your master password.
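The scheme described above, written out as an added example so the per-secret salt and the master-password dependency are visible. This is illustrative code, not ConfigSync's implementation: the PBKDF2 iteration count, the 16-byte salt length and the on-disk record layout are assumptions chosen here, and it uses the cryptography package's Fernet, which is AES-128-CBC with an HMAC-SHA256 tag.

```python
import base64
import hashlib
import os

from cryptography.fernet import Fernet, InvalidToken

# Assumed parameters for this illustration (not ConfigSync's actual settings):
# PBKDF2-HMAC-SHA256, with a fresh 16-byte random salt for every secret.
PBKDF2_ITERATIONS = 300_000
SALT_LEN = 16


def derive_fernet_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password with PBKDF2 into the 32 bytes Fernet needs."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    # Fernet takes its 32-byte key as URL-safe base64.
    return base64.urlsafe_b64encode(raw)


def encrypt_secret(master_password: str, value: str) -> dict:
    """Encrypt one secret under its own salt; the salt is stored beside the token.

    Because every secret gets a different salt, two vault entries never share a
    key, even when they hold the same value under the same master password."""
    salt = os.urandom(SALT_LEN)
    token = Fernet(derive_fernet_key(master_password, salt)).encrypt(value.encode("utf-8"))
    return {"salt": base64.b64encode(salt).decode("ascii"), "token": token.decode("ascii")}


def decrypt_secret(master_password: str, record: dict) -> str:
    """Re-derive the per-secret key from the stored salt and decrypt.

    Fernet authenticates the token, so a wrong master password or a modified
    record is rejected outright rather than decrypting to garbage."""
    salt = base64.b64decode(record["salt"])
    try:
        plaintext = Fernet(derive_fernet_key(master_password, salt)).decrypt(
            record["token"].encode("ascii")
        )
    except InvalidToken:
        raise ValueError("wrong master password or tampered record") from None
    return plaintext.decode("utf-8")


if __name__ == "__main__":
    # Constructed placeholder value, not a real credential.
    record = encrypt_secret("correct-horse-battery", "sk-proj-EXAMPLEONLY")
    print(record)  # only the salt and ciphertext ever reach storage
    print(decrypt_secret("correct-horse-battery", record))
```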

Encrypting .env Files

Many AI projects use .env files to store API keys alongside other configuration. Instead of trying to extract individual keys, you can track the entire .env file with encryption.

Track .env files with encryption
    # Track a project's .env files — automatically encrypted
    configsync add env ~/git/ai-project
    # This captures and encrypts:
    #   ~/git/ai-project/.env
    #   ~/git/ai-project/.env.local
    # Push encrypted .env files
    configsync push -m "AI project environment files"

Environment-scoped keys: Use different API keys for development and production. Rate-limited dev keys protect against runaway scripts during development. ConfigSync profiles let you maintain separate .env files per environment with different keys for each.

Injecting Keys Without Writing to Disk

The most secure approach is to never write API keys to disk at all. ConfigSync can inject secrets as environment variables directly into your shell session using the inject_as_env feature.

Inject keys as environment variables
    # In your shell config, source ConfigSync secrets
    eval "$(configsync secret inject)"
    # This sets environment variables for the current session:
    #   OPENAI_API_KEY=sk-proj-xxxxxxxx
    #   ANTHROPIC_API_KEY=sk-ant-xxxxxxxx
    #   GOOGLE_AI_KEY=AIzaSyxxxxxxxx
    # The keys exist only in memory — never written to disk as plaintext
    # When the shell session ends, they're gone

With inject_as_env, your AI API keys exist only in the process environment of your shell session. They are never written to a file on disk, never appear in your shell history, and disappear when you close the terminal. Any tool that reads OPENAI_API_KEY from the environment works as expected, but the key is never at rest in plaintext.

Key Rotation Workflow

When you need to rotate an AI API key — whether because of a suspected leak, a policy requirement, or switching to a new account — ConfigSync makes the process painless across all your machines.

Rotate a key across all machines
    # Generate a new key in the provider's dashboard, then:
    configsync secret set OPENAI_API_KEY
    # Enter the new key
    # Push the updated key
    configsync push -m "rotated OpenAI API key"
    # On every other machine:
    configsync pull
    # All machines now have the new key — no manual editing

Without ConfigSync, rotating a key means logging into every machine, finding every place the key is referenced, and updating each one. Miss one and that machine stops working. With ConfigSync, update the key once, push, and every machine gets the new key on pull.

Best Practices Summary

AI API keys deserve the same security attention as database credentials or SSH private keys. Here is the recommended approach:

Complete AI key management setup
    # 1. Store keys in the encrypted vault
    configsync secret set OPENAI_API_KEY
    configsync secret set ANTHROPIC_API_KEY
    # 2. Track project .env files with encryption
    configsync add env ~/git/ai-project
    # 3. Add inject to your shell config
    #    In ~/.zshrc:
    #    eval "$(configsync secret inject)"
    # 4. Push encrypted keys
    configsync push -m "secure AI key setup"
    # 5. Never put keys in plaintext config files again

Stop putting API keys in .zshrc. Stop committing .env files. Encrypt your AI API keys with ConfigSync and sync them securely across every machine you use.

Ready to try ConfigSync?

Sync your entire dev environment across machines in minutes. Free forever for up to 3 devices.