Guide
Bring your own LLM key: what it means and why it matters
Bring your own key is one of those phrases that sounds technical and isn't, once someone explains it plainly. It matters for a simple reason: it decides who owns the relationship with the company actually running the AI model, and who sees the bill for it.
What is an LLM key, in plain terms?
An LLM key is a password-like string that a model provider, the company that actually runs the AI, gives you when you sign up with them directly. It's how any software, including Glitch, proves to that provider that it's allowed to send it requests on your account, and it's how that provider knows whose usage to bill.
Think of it like a utility account. Someone still generates the electricity. The key is what ties the meter to your name instead of your landlord's.
Why owning the key matters
When an app comes with AI already built in and no key of your own, you're a guest on someone else's account. The provider relationship, the pricing, the terms, belongs to the app maker, not you. If they change what they offer, you find out when your results change.
Owning the key flips that. The account is yours, opened directly with the provider, in your name. Whatever software you use, including Glitch, is a guest on your account instead of the other way around.
Your usage bill stays visible
Because the key is yours, the usage bill is yours too, not folded into a flat subscription fee where you can't tell what a heavy month cost versus a light one. Glitch surfaces that spend in a cost meter, so the number is something you look at, not something you infer.
That visibility extends past the bill. An audit log and data export mean the record of what happened isn't locked inside someone else's dashboard either.
Your key is encrypted per organization, not just stored
Handing over a key is only safe if what receives it treats it seriously. Glitch encrypts each org's key with AES-256-GCM, using a subkey generated for that org specifically, so one org's key material isn't just sitting next to every other org's in the same form.
That sits on top of row-level security in the database, scoped per org, which is the same protection applied to the rest of your company's data. The key isn't a special exception to how the platform handles isolation, it's covered by the same rule.
You can move the key, not just use it
Because the relationship is yours, moving it is your call, not a request. If you want a different provider, or a different tier of model from the same one, that's a change to the key, not a negotiation with the app you're using.
That's a small thing until it isn't. The moment switching becomes a real option instead of a hypothetical one, the provider on the other end of your key has a reason to keep earning it.
Bundled AI hides the meter
The alternative, AI folded into a flat price with no key of your own, feels simpler at first. But it also means you can't see what any single answer costs, can't tell if usage is climbing, and can't leave without leaving the whole product.
Bring your own key trades a little bit of upfront setup for that visibility. You see the bill, you own the account, and the platform running on top of it, Glitch or anything else, has to earn its place rather than assume it.
Common questions
Do I need to be technical to set up an LLM key?
No. Getting a key means signing up directly with a model provider and pasting a string of characters into your settings once. It's a one-time setup step, not an ongoing technical job.
How do I know what my AI usage is actually costing?
The spend shows up in a cost meter tied to your key, along with an audit log and data export, so the number is visible rather than buried in a flat monthly fee.
Is my key stored the same way as every other org's?
Your key is encrypted with a subkey generated specifically for your org, using AES-256-GCM, and sits behind the same row-level security that scopes the rest of your company's data. It isn't pooled with other orgs' keys.
See it working, not described
The sandbox is a seeded company you can wander. No signup needed.