
BYOK vs Marketplace: Choosing the Right Credential Model

Keystore Team · 6 min read


Bring Your Own Key is not a new concept. AWS Key Management Service, Azure Key Vault, and Google Cloud KMS all support BYOK workflows where customers import their own cryptographic keys rather than using provider-generated ones. The motivation is straightforward: regulatory compliance, audit requirements, and the operational reality that some organizations cannot delegate key custody to a third party.

The same tension exists in the AI agent credential space, just with different stakes. When your agent needs access to OpenAI, Anthropic, Stripe, and a dozen other services, who should own and manage those credentials? Keystore supports two models --- BYOK and Marketplace --- and the right choice depends on your regulatory environment, cost structure, and operational preferences.

The Regulatory Case for BYOK

GDPR, HIPAA, and FedRAMP all impose requirements that directly affect how credentials and encryption keys can be managed.

GDPR Article 28 requires data controllers to ensure that processors implement "appropriate technical and organisational measures" for data protection. For organizations subject to GDPR, maintaining direct provider relationships means maintaining direct Data Processing Agreements. If your OpenAI usage is governed by your DPA with OpenAI, routing that traffic through a third party's pooled credential introduces a contractual complication that legal teams will flag.

HIPAA requires covered entities to execute Business Associate Agreements with any service that touches protected health information. If your agent processes PHI through an LLM provider, the BAA chain matters. BYOK preserves your existing BAA with the provider; a marketplace model means your BAA chain now includes the marketplace operator.

FedRAMP imposes strict requirements on key management for government workloads. Organizations operating at FedRAMP High must demonstrate custody and control of encryption keys. BYOK is not optional in this context --- it is a compliance requirement.

With Keystore BYOK, you store your existing API keys in the vault. They are encrypted with AES-256-GCM --- the same AEAD construction TLS 1.3 relies on --- with a unique initialization vector per credential. Your provider relationships, billing agreements, and regulatory documentation remain unchanged. Keystore acts as a security layer, not a billing intermediary.

The Cost Reality of AI Providers

AI API pricing varies significantly across providers and tiers, and these differences matter when choosing a credential model.

OpenAI uses a tiered system. At Tier 1, you get 1,000 requests per minute. Higher tiers unlock better rate limits but require higher cumulative spend. GPT-5.2 is priced at $1.75 per million input tokens and $14 per million output tokens. Enterprise customers negotiate custom rates that can substantially reduce per-token costs.

Anthropic offers roughly 5x fewer requests than OpenAI at equivalent spend levels. For high-throughput workloads, Anthropic rate limits become a binding constraint faster.

Google Gemini takes a different approach entirely: 4 million tokens per minute with no tier system. For batch processing workloads, this flat rate limit structure can be significantly more favorable than OpenAI's tiered model.

If you have negotiated enterprise pricing, committed-use discounts, or custom rate limits with any of these providers, BYOK preserves those terms. Your Keystore-proxied requests use your keys, your accounts, and your negotiated rates. No markup, no pooled rate limits, no middleman on the invoice.

When Marketplace Wins

Not every team has enterprise agreements. Not every use case justifies the overhead of managing individual provider accounts.

LiteLLM and Portkey both offer marketplace-style access to AI providers through pooled infrastructure. LiteLLM is open-source and provides virtual keys with model routing across 100+ providers. Portkey adds an encrypted vault and enterprise features. Both demonstrate that there is real demand for simplified, consolidated provider access.

Keystore's Marketplace model serves the same need. Instead of signing up with each provider individually, generating keys, and managing accounts, you enable providers through Keystore and start making requests immediately. One invoice. One set of credentials to manage (zero, actually --- Keystore manages the underlying keys entirely).

The marketplace model is the right choice when:

You are prototyping. Signing up for six provider accounts to test an agent workflow is friction that slows down iteration. The marketplace gets you running in seconds.

You are building for others. If your product gives end users agent capabilities, you probably do not want each user managing their own OpenAI account. The marketplace lets you provision access without pushing credential management onto your users.

You need breadth over depth. An agent that occasionally uses Tavily for search, Resend for email, and a secondary LLM for summarization does not justify three separate provider accounts. The marketplace consolidates low-volume providers into a single billing relationship.

You want zero key management. With BYOK, you are still responsible for rotating provider keys (Keystore encrypts and proxies them, but you generate them). With marketplace, Keystore handles the full key lifecycle.

Mixing Models

The hybrid approach is often the pragmatic choice. Use BYOK for your primary providers where you have negotiated rates and compliance requirements. Use the marketplace for secondary providers where convenience outweighs cost optimization.

```typescript
// ks: an initialized Keystore client (assumed here; setup is not shown in this post)
const token = await ks.tokens.create({
  name: "production-agent",
  providers: [
    { name: "openai", source: "byok" },       // Enterprise agreement
    { name: "anthropic", source: "byok" },     // Custom rate limits
    { name: "tavily", source: "marketplace" }, // Occasional use
    { name: "resend", source: "marketplace" }, // Low volume
  ],
});
```

From the agent's perspective, there is no difference. The ks_ token works identically regardless of whether the underlying credential is BYOK or marketplace. The proxy resolves the correct credential either way.
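As an added illustration (not Keystore's own code), here is a minimal stand-in for the two mechanisms this section and the BYOK encryption note above describe: sealing each stored key with AES-256-GCM under a fresh IV, and a proxy-side resolver that takes the BYOK or marketplace path depending on the token's provider list. The master key, vault contents, pool contents and sample key strings are all constructed for the example.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Hypothetical vault record: one AES-256-GCM envelope per stored API key,
// with its own random 96-bit IV so no IV is ever reused under the master key.
interface SealedCredential { iv: Buffer; ciphertext: Buffer; tag: Buffer }

function sealCredential(masterKey: Buffer, apiKey: string): SealedCredential {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", masterKey, iv);
  const ciphertext = Buffer.concat([cipher.update(apiKey, "utf8"), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function openCredential(masterKey: Buffer, sealed: SealedCredential): string {
  const decipher = createDecipheriv("aes-256-gcm", masterKey, sealed.iv);
  decipher.setAuthTag(sealed.tag); // any tampering makes final() throw
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]).toString("utf8");
}

type Source = "byok" | "marketplace";
interface TokenProvider { name: string; source: Source }

// Constructed sample state: a tenant master key, their sealed BYOK vault,
// the shared marketplace pool, and the provider list of one issued token.
const masterKey = randomBytes(32);
const byokVault = new Map<string, SealedCredential>([
  ["openai", sealCredential(masterKey, "sk-byok-openai-EXAMPLE")],
]);
const marketplacePool = new Map<string, string>([["tavily", "tvly-pool-EXAMPLE"]]);
const tokenProviders: TokenProvider[] = [
  { name: "openai", source: "byok" },
  { name: "tavily", source: "marketplace" },
];

// What the proxy does on each request: look up the provider on the token,
// then take the BYOK or pooled path. The agent only ever holds the token.
function resolveUpstreamKey(providers: TokenProvider[], provider: string): string {
  const entry = providers.find((p) => p.name === provider);
  if (!entry) throw new Error(`provider ${provider} is not enabled on this token`);
  if (entry.source === "byok") {
    const sealed = byokVault.get(provider);
    if (!sealed) throw new Error(`no BYOK credential stored for ${provider}`);
    return openCredential(masterKey, sealed);
  }
  const pooled = marketplacePool.get(provider);
  if (!pooled) throw new Error(`provider ${provider} is not in the marketplace pool`);
  return pooled;
}
```

A provider absent from the token is refused before any credential lookup, which is the property that makes per-agent scoping meaningful under either model.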

Side-by-Side Comparison

| Aspect | BYOK | Marketplace |
|---|---|---|
| Setup | Minutes per provider | Seconds per provider |
| Billing | Direct with provider | Through Keystore |
| Pricing | Your negotiated rates | Marketplace rates |
| Rate limits | Your account's tier | Shared pool |
| Key rotation | You generate, Keystore encrypts | Keystore manages entirely |
| Compliance | Direct DPAs/BAAs | Through Keystore's terms |
| Best for | Production, enterprise, regulated | Prototyping, multi-provider, SaaS |

Making the Decision

Start with your constraints, not your preferences.

If you are in a regulated industry --- healthcare, finance, government --- BYOK is likely non-negotiable. Your compliance team will require direct provider relationships with documented DPAs and BAAs.

If you have negotiated enterprise pricing with a provider and run high-volume workloads, BYOK preserves those economics. The savings on per-token costs at enterprise scale will dwarf any convenience benefit from the marketplace.

If you are a startup shipping fast, a developer building an agent prototype, or a platform provider abstracting credentials away from end users, the marketplace eliminates operational overhead that has nothing to do with your core product.

Both models deliver the same security guarantees: AES-256-GCM encryption at rest, proxy-based credential injection, per-agent budgets, rate limits, audit logs, and instant revocation. The difference is who manages the upstream provider relationship. Choose based on your reality today, and know you can migrate between models at any time.