How we secure your key

When you connect an Anthropic Admin API key we encrypt it with AES-256-GCM using a per-record salt and a 32-byte master key derived via scrypt. Only the encrypted payload is written to the database; the plaintext key never touches disk and is never logged. We display the last four characters so you can identify which key is which, nothing more.

The key is decrypted in-memory only when our scheduled sync calls Anthropic's Admin API to fetch your usage data. We never use it to make completions, never share it, and never expose it through the tRPC API surface. You can revoke it instantly from console.anthropic.com → Settings → Admin Keys — that revocation is enforced server-side by Anthropic, independent of us.

What the key can do

Read only: we call GET /v1/organizations and GET /v1/organizations/{id}/usage_report/messages.
No completions, no key creation, no billing changes.
See the full Admin API surface in the Anthropic docs.

Removing your key

Go to your dashboard → Remove. We delete the encrypted payload immediately. For belt and suspenders, also revoke the key on console.anthropic.com.