Skip to main content

Obtaining API Keys

The Key Manager service provides secure API key issuance for accessing Jefferson Lab's local LLM inference gateway. We are using LiteLLM as our key management and LLM proxy. LiteLLM is an open source project with a large active community. To find out more about the project - please view the LiteLLM documentation.

API keys are required for:

  • Programmatic access (Python, curl)
  • n8n workflows

Keys are tied to your CILogon identity, tracked, and revocable. LiteLLM provides us a means to monitor API usage and track budgets and projects.

API keys can be used for:

  • Tracking Organization, Team, and Project usage
  • Limiting bandwidth
  • Limiting access and budgets
  • Allowing programatic access for bots

Accessing the Key Manager​

The Key Manager UI is accessed from the LLM landing page via the Manage API Keys button. Navigate to the API key page and select Logon with CILogon. Log in via the Thomas Jefferson National Accelerator Facility. If you are redirected to the login page, refresh the page.

Once in the API key portal, you should see Logout, Refresh, and Create New Key buttons. Follow along below to create a new key.

  • At this time, you can only have one key at a time.
  • No budgets are tracked.

Creating a New Key​

Click Create New Key​

After creation:

  • The new key will be visible exactly once (copy immediately)
  • The key hash is stored in the LiteLLM
  • The key is linked to your account and usage logs

How Keys Work Internally​

The LiteLLM is responsible for creating keys. They are distributed to the user through the Key Manager portal. The key is tied to your CILogon user_id, budget, team, etc. Keys can be minted for specific workflows for bots by request. When you make a request to the LiteLLM API, it validates the key, ensures the budget funds, and forwards your request to the LLM endpoint. If you do not have access or you do not have a sufficient budget, the request will be rejected. Once your request is processed, the data requested is returned, and LiteLLM tracks the number of tokens used against the cost of the model prompted.

ℹ️ Follow along with API Access to use your freshly minted API key.

Deleting a Key​

From the Key Manager UI:

  • Click β€œDelete Key” to permanently remove it

6. Security Practices​

DO:​

  • Rotate keys periodically
  • Use different keys for different tools (future)
  • Set budgets for automated workflows (admin)

DO NOT:​

  • Embed keys in shared Git repos
  • Send keys over email or chat
  • Load keys into browser bookmarks or URL parameters