Get Started
TUTORIAL

Protect AI Secrets

Store the real provider secret once in Portal and use placeholder credentials inside boxes.

Use this pattern before you run SDKs, scripts, or coding agents inside boxes that need upstream AI access.

AI Gateway lets the org keep the real upstream provider secret in Portal. Boxes talk to a fixed local endpoint and only carry placeholder credentials.

Configure the org in Portal

Only org owners can edit AI integrations.

Open Portal and go to the target org’s settings page:

  1. If you are on My Orgs, click Settings on the target org.
  2. If you are already inside that org workspace, use the left sidebar Org Settings.
  3. Open AI Integrations.
  4. Open the provider card you need: OpenAI or Anthropic / Claude Code.
  5. Paste the real provider secret into Upstream API Key.
  6. Leave Custom Endpoint empty unless you intentionally use a proxy or self-hosted upstream.
  7. Turn Enabled on.
  8. Click Save.

The card also shows the provider’s Local Base URL, which is the stable endpoint boxes use inside run9.

You do this once per org. Every box in that org reuses the same integration until you change or disable it.

What changes inside the box

Inside the box, only two things change from a normal client setup:

  • point the client at the org’s local base URL
  • use a placeholder secret instead of the real provider key

The literal run9-placeholder in the examples below is only a stand-in example. It is not a secret you copy from Portal.

These export commands are shell-local. Re-run them in each new shell, or save them in the shell profile or launch script you actually use if you want later sessions to reuse the same gateway settings.

OpenAI-compatible clients

Inside the box:

export OPENAI_BASE_URL=http://10.0.2.2:1000/run9/ai/openai/v1/
export OPENAI_API_KEY=run9-placeholder

After those two env vars are set, the rest of your OpenAI-compatible client code stays the same. The placeholder key only creates the client-side authorization header. The real upstream secret stays in Portal.

Anthropic-compatible clients

Inside the box:

export ANTHROPIC_BASE_URL=http://10.0.2.2:1000/run9/ai/anthropic
export ANTHROPIC_AUTH_TOKEN=run9-placeholder

Requests go through the org integration. If the integration is disabled or missing, the request fails clearly.

First checks when requests fail

Check these three things before changing client code:

  • the provider card in Portal is still Enabled
  • the client still points at that card’s Local Base URL
  • the box still sets a placeholder secret such as run9-placeholder, because many clients reject an empty auth header before the gateway sees the request

Why this is safer

  • the real provider secret stays in org settings instead of box storage
  • multiple boxes in the org can reuse one shared provider configuration
  • you can disable or clear the integration centrally without visiting each box
  • forking a box or snap does not duplicate the real provider secret