Enterprise API Security by Design
Gatekeeper is built with zero-trust principles from the ground up. Ed25519 keys, ZK rate limiting, CRDT token budgets, and no data retention by default.
Ed25519 API Keys
Cryptographically strong, delegatable, time-scoped, instantly revocable
Generation
Keys are Ed25519 keypairs. The private key never leaves your system. Gatekeeper only stores the public key hash — it cannot reconstruct your key.
Scoping
Each key carries signed claims: allowed models, rate limits, budget ceiling, and expiry timestamp. Cryptographic verification timing is validated during assisted onboarding.
Delegation
Give a contractor limited-time access to only GPT-4 endpoints. Derived keys inherit parent constraints and cannot exceed them. Revoke the parent to revoke all derivatives.
ZK Rate Limiting
Prove you're within limits without revealing your usage patterns
Traditional rate limiters expose exact request counts to infrastructure. Gatekeeper's proof-check roadmap targets privacy-preserving budget posture while the production gateway keeps enforceable spend limits, provider routing, and auditability as the launch-critical control plane.
What the proof reveals
- You are within your rate limit
- Your key is valid and not expired
- Your budget has not been exceeded
What the proof hides
- Exact request count this period
- Time-of-day usage patterns
- Which models you use most
CRDT Token Budgets
Distributed nodes all agree on usage without a central coordinator
When you run Gatekeeper across multiple nodes, each node maintains a Conflict-free Replicated Data Type (CRDT) for token budget tracking. Nodes gossip budget updates to each other. If two nodes simultaneously approve requests that push you slightly over budget, the CRDT merge resolves the conflict deterministically — no central coordinator, no single point of failure, eventual consistency within milliseconds.
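The behaviour described above, sketched as an added example (this is not Gatekeeper's code). The page does not say which CRDT is used, so this assumes a grow-only counter (G-Counter) with one slot per node; `BudgetNode`, the node names and the token figures are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class BudgetNode:
    """One gateway node's replica of a per-key token budget (assumed G-Counter)."""
    node_id: str
    ceiling: int                                # budget ceiling in tokens
    spent: dict = field(default_factory=dict)   # node_id -> tokens approved by that node

    def total(self) -> int:
        return sum(self.spent.values())

    def approve(self, tokens: int) -> bool:
        """Decide against the local view only; no coordinator is consulted."""
        if self.total() + tokens > self.ceiling:
            return False
        # A node only ever increments its own slot, so slots never conflict.
        self.spent[self.node_id] = self.spent.get(self.node_id, 0) + tokens
        return True

    def merge(self, remote: dict) -> None:
        """Element-wise max: commutative, associative and idempotent."""
        for nid, count in remote.items():
            self.spent[nid] = max(self.spent.get(nid, 0), count)


def simulate_concurrent_overshoot():
    a = BudgetNode("node-a", ceiling=1000)
    b = BudgetNode("node-b", ceiling=1000)
    # Both replicas start from the same synced state: 900 of 1000 spent.
    a.approve(900)
    b.merge(a.spent)
    # Before the next gossip round, each node approves 80 tokens on its own.
    ok_a = a.approve(80)
    ok_b = b.approve(80)
    # Gossip in both directions; one message is delivered twice (idempotence).
    snap_a, snap_b = dict(a.spent), dict(b.spent)
    a.merge(snap_b)
    b.merge(snap_a)
    b.merge(snap_a)
    return a, b, ok_a, ok_b


if __name__ == "__main__":
    a, b, ok_a, ok_b = simulate_concurrent_overshoot()
    print(ok_a, ok_b, a.total(), b.total(), a.approve(1), b.approve(1))
```

In this model the merge does not undo the overshoot: both replicas converge on the same total above the ceiling and deny further spend, so the excess is limited to what nodes approve between gossip rounds.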
No Data Retention by Default
Your prompts and responses are never stored unless you explicitly enable logging
Gatekeeper routes your request and discards the payload immediately. Only metadata is recorded by default: timestamp, model used, token count, cost, key label, and response latency. Enable full request logging per-key or per-model if you need it for compliance — but it's off by default.
Threat Model & Mitigations
API Key Theft
High
Risk: Attacker steals your key and makes requests at your expense
Mitigation: Ed25519 keys are time-scoped. Stolen keys expire. CRDT budget limits cap blast radius. Revoke parent key to invalidate all derived keys instantly.
Rate Limit Bypass
Medium
Risk: Attacker probes rate limits to fingerprint usage patterns
Mitigation: ZK rate limiting proofs reveal only pass/fail — not counts or timing patterns. Fingerprinting is cryptographically prevented.
Model Abuse
Medium
Risk: Compromised key used to send jailbreak prompts at scale
Mitigation: Per-key model allowlists restrict which models a key can reach. Budget limits cap token spend. Prompt logging (opt-in) enables post-hoc forensics.
Cost Injection
High
Risk: Attacker crafts requests designed to maximize token consumption
Mitigation: Hard budget ceilings enforced at gateway level, before the request reaches the provider. Max token limits configurable per key.
Security Comparison
| Feature | Gatekeeper | AWS Bedrock | Azure OpenAI | Self-managed Keys |
|---|---|---|---|---|
| Ed25519 key signing | ✓ | ✗ | ✗ | ✗ |
| ZK rate limiting | ✓ | ✗ | ✗ | ✗ |
| CRDT distributed budgets | ✓ | ✗ | ✗ | ✗ |
| Key delegation | ✓ | ✗ | ✗ | ✗ |
| No data retention default | ✓ | ✗ | ✗ | ✓ |
| Self-hosted | ✓ | ✗ | ✗ | ✓ |
| RBAC per key | ✓ free | ✓ paid | ✓ paid | ✗ |
| Audit logs | ✓ | ✓ | ✓ | ✗ |
Responsible Disclosure
We welcome security researchers
Report vulnerabilities privately before public disclosure. We commit to a 24-hour initial response, 90-day remediation window, and public credit in our security advisories for valid reports.
security@gatekeeper.run