by init0
171 days ago
Problem: Every AI app wants you to paste your OpenAI/Anthropic key. Keys spread across dozens of apps with zero visibility, and you can only revoke by rotating the key itself.

Proposal: OKAP (Open Key Access Protocol) - like OAuth, but for API keys.

How it works:
1. Keys stay in YOUR vault (self-host or hosted)
2. Apps request access via token (scoped to provider, models, expiry)
3. Vault proxies requests - apps never see your actual key
4. Revoke any app instantly without touching your master key

Not to be confused with LiteLLM/OpenRouter (those are proxies you pay for). OKAP is a protocol for user-owned key management - your keys, your vault, your control.

Working implementation:
- Hosted vault: https://vault.okap.dev
- Python SDK: pip install okap
- Spec: https://okap.dev

Looking for feedback. Would you use this for your AI tools? What's missing?
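
The four steps above, modeled as an added example that is not part of the original post and is not the OKAP spec or SDK: an in-memory vault that issues scoped tokens, proxies calls with the real key, and revokes per app. The `Vault` class, its method names and `fake_upstream` are hypothetical, and the upstream call is a constructed stand-in for a provider API.

```python
import hashlib
import secrets
import time


def fake_upstream(provider, api_key, model, payload):
    """Stand-in for the provider API (constructed): only the vault calls it."""
    return {"provider": provider, "model": model, "echo": payload,
            "authenticated": api_key.startswith("sk-")}


class Vault:
    """In-memory model of the four steps; not the OKAP wire format."""

    def __init__(self, upstream=fake_upstream):
        self.keys = {}     # provider -> master key, never returned to apps
        self.grants = {}   # sha256(token) -> grant; raw tokens are not stored
        self.upstream = upstream

    @staticmethod
    def digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, app, provider, models, ttl_s, now=None):
        """Step 2: issue a token scoped to provider, models and expiry."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.grants[self.digest(token)] = {
            "app": app, "provider": provider,
            "models": frozenset(models), "exp": now + ttl_s}
        return token

    def revoke_app(self, app):
        """Step 4: drop every grant for one app; master keys are untouched."""
        dead = [h for h, g in self.grants.items() if g["app"] == app]
        for h in dead:
            del self.grants[h]
        return len(dead)

    def proxy(self, token, provider, model, payload, now=None):
        """Step 3: check the grant, then call upstream with the real key."""
        now = time.time() if now is None else now
        g = self.grants.get(self.digest(token))
        if g is None:
            raise PermissionError("unknown or revoked token")
        if now >= g["exp"]:
            raise PermissionError("token expired")
        if provider != g["provider"] or model not in g["models"]:
            raise PermissionError("request outside granted scope")
        return self.upstream(provider, self.keys[provider], model, payload)
```

The scope check runs before the key lookup, so a token for one provider cannot be used to probe whether the vault holds a key for another.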