Configure Bring Your Own Key (BYOK) in RepoRisk
This page explains how to add your Anthropic API key to RepoRisk Settings.
Prerequisites
- An Anthropic API key (from Set Up Your Anthropic Account)
- Access to RepoRisk with admin permissions
- Your Anthropic account must have billing enabled
Step 1: Access Settings
- Log in to RepoRisk at https://app.canirunthat.com
- Click on Settings in the top navigation bar
- You should see the Settings page with multiple cards
Step 2: Find the Anthropic API Key Section
On the Settings page, look for a card titled Anthropic API Key or BYOK Configuration. This section allows you to:
- Enter your API key
- View a masked preview of your current key (if one is already configured)
- Update or remove your key
- See validation status
Step 3: Paste Your API Key
- Click in the API Key input field (labeled "Anthropic API Key" or similar)
- Paste your API key (from Step 6 of the Anthropic setup guide)
- The key should start with sk-ant- and be approximately 40+ characters long
- Do not add extra spaces or characters — copy the key exactly as shown in the Anthropic Console
Step 4: Save Your Key
- Click the Save, Update, or Configure button below the input field
- RepoRisk will validate your key by testing it against the Anthropic API
- You will see a message indicating success or an error
Successful Configuration
If your key is valid and your Anthropic account has billing enabled, you will see:
- A success message (e.g., "API key configured successfully" or green checkmark)
- Your key will be masked in the display (showing only the last few characters, e.g., sk-ant-***xxxx)
- The masked preview helps you confirm which key is configured without revealing the full key
First Login Behavior
Important: If this is the first time Bring Your Own Key (BYOK) is being configured for your organization, you will see a non-dismissable modal dialog on your next login. You must enter your Anthropic API key in this dialog to proceed. This is a one-time requirement.
Step 5: Verify Configuration
Once saved, your API key is active and will be used for all your repository scans:
- Submit a repository for analysis (see Using the Platform: Submit Repository)
- RepoRisk will use your Anthropic API key for the analysis
- Costs will be billed to your Anthropic account
Cost Savings with Batch Processing
RepoRisk uses batch processing with Anthropic, which can reduce costs compared to synchronous API calls. Batch processing allows Anthropic to process your requests at times most beneficial for them, resulting in lower pricing than standard API rates shown at Anthropic Pricing.
What's Next?
Your BYOK configuration is complete. You can now:
If you need to manage, rotate, or revoke your key, see API Key Management.
Troubleshooting Configuration Errors
If you see an error when saving your key, see BYOK Troubleshooting for diagnosis and solutions.
Common error cases:
- Invalid format: Your key doesn't start with sk-ant-
- Invalid key or no billing: Your key is valid but your Anthropic account has no billing enabled, or the key is incorrect
- Temporary error: RepoRisk couldn't connect to Anthropic API (try again in a moment)
- Rate-limit error: Your Anthropic account is temporarily rate-limited (try again in a few minutes)
For details on each error and how to resolve it, see the Troubleshooting Guide.
Managing Your Key
Once configured, you may need to:
- Rotate your key: Generate a new key in Anthropic Console and update it here
- Revoke your key: Delete it from Anthropic Console if compromised or no longer needed
- Update your key: If billing status changes or you need to switch accounts
See API Key Management for step-by-step instructions on these tasks.
Security Notes
- Your API key is stored securely in RepoRisk and is never displayed after initial save (only masked)
- Your API key is used only for communicating with Anthropic's API for repository analysis
- RepoRisk does not store your key in plaintext logs or share it with third parties
- If you suspect your key has been compromised, revoke it immediately in the Anthropic Console (see Key Management for emergency revocation steps)
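An added example, not RepoRisk's code: a local Python pre-check for the format rule in Step 3, the masked-preview style shown under Successful Configuration, and a scrubber for text you are about to paste into a ticket or log. The 4-character tail, the key character set in the regex, and all sample values are assumptions.

```python
import re

PREFIX = "sk-ant-"   # prefix stated on this page
MIN_LEN = 40         # page says "approximately 40+ characters"
# Assumption: the key body uses URL-safe characters; adjust if your keys differ.
KEY_RE = re.compile(r"sk-ant-[A-Za-z0-9_\-]{8,}")


def check_key(pasted):
    """Return a list of format problems; an empty list means the paste looks sane."""
    problems = []
    if pasted != pasted.strip():
        problems.append("leading or trailing whitespace")
    key = pasted.strip()
    if any(ch.isspace() for ch in key):
        problems.append("whitespace inside key")
    if not key.startswith(PREFIX):
        problems.append("missing sk-ant- prefix")
    if len(key) < MIN_LEN:
        problems.append("shorter than 40 characters")
    return problems


def mask_key(key, keep=4):
    """Masked preview in the sk-ant-***xxxx style; keep=4 is an assumption."""
    body = key.strip().removeprefix(PREFIX)
    # Never echo the tail of a short secret: it would reveal most of it.
    tail = body[-keep:] if len(body) >= 4 * keep else ""
    return f"{PREFIX}***{tail}"


def redact(text):
    """Replace every key-shaped token in free text with its masked preview."""
    return KEY_RE.sub(lambda m: mask_key(m.group(0)), text)


# Constructed sample values, not real keys or real log output.
SAMPLE_KEY = PREFIX + "EXAMPLE" + "a1B2" * 9 + "Zq9x"
SAMPLE_LOG = f"2024-01-01 save failed key={SAMPLE_KEY} status=401"

if __name__ == "__main__":
    print(check_key(SAMPLE_KEY + "\n"))   # trailing newline from a careless copy
    print(mask_key(SAMPLE_KEY))
    print(redact(SAMPLE_LOG))
```

A passing check_key only means the paste is well-formed; whether the key is valid and billing is enabled is decided by the validation in Step 4.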
FAQ
Q: Can I use the same API key for multiple RepoRisk organizations?
A: Yes, but it's not recommended. For easier key rotation and audit trails, create a separate API key in Anthropic Console for each RepoRisk organization.
Q: What happens if my billing is disabled on Anthropic?
A: Scans will fail with an error indicating billing is required. Re-enable billing on your Anthropic account, and your scans will resume.
Q: Can I see my API key after saving it?
A: No, RepoRisk only displays a masked preview (e.g., sk-ant-***xxxx) for security. If you need the full key, you must generate a new one in the Anthropic Console (keys cannot be retrieved once created).
Q: How much does BYOK cost?
A: BYOK uses the Anthropic API, which is billed by Anthropic based on token usage. See Anthropic Pricing for details. RepoRisk uses batch processing which can reduce costs compared to standard API pricing. RepoRisk does not add additional costs for BYOK.
Additional Resources
- API Key Management — Rotate, revoke, or manage your key
- BYOK Troubleshooting — Resolve configuration errors
- BYOK Overview — Learn more about BYOK and plan tiers