Show HN: Byok-relay – self-hosted proxy for BYOK LLM apps without CORS issues (github.com)

A new self-hosted relay server, BYOK-relay, has been introduced to streamline the use of Bring Your Own Key (BYOK) applications in the AI space, addressing key security and accessibility issues. Traditional web applications face significant limitations due to CORS (Cross-Origin Resource Sharing) restrictions, which prevent direct API calls to major AI providers. By requiring backend proxies, developers often gain unintended access to API keys, raising trust concerns among users. BYOK-relay resolves this by allowing users to securely store their API keys encrypted on their own servers, thereby eliminating the risk of key exposure during API interactions. The relay functions by registering user tokens and encrypting keys with AES-256-GCM, only exposing the keys once upon registration to ensure secure transactions. Post-registration, API requests are relayed without returning the keys, streamlining both security and usability in web applications. This innovative approach not only heightens user trust by keeping their credentials private but also supports multiple AI providers, including OpenAI and Anthropic, with features like full streaming responses. With BYOK-relay, developers are empowered to create secure AI applications without sacrificing user control over sensitive information.