API key management and separate organizations for dev and prod

I am working on using OpenAI as part of a product (grid.is) and have a few requests for better key management and operational safety while using the API:

I would like to be able to generate API keys for organizations, not just users. If the user with the keys that are used in production leaves the OpenAI organization we must switch over to new keys issued by a new user, this causes risk to the availability of the features of the product that rely on OpenAI. (I tried to solve this with a shared user for our organization, but it requires a phone number that has not been used before, and not a VoIP number, so I ended up abandoning that approach).

Secondly, I would like to be able to add a description to the keys when they are generated. We use a handful of keys (prod, staging, local dev) and it’s important that it’s clear which key is used in which environment when we’re managing them in the OpenAI web console.

Thirdly I would like us to be able to have a second organization for staging and local dev, or some sort of separation from the organization that we use for prod. I view this both from usage perspective (an error in local dev should not impact the availability for production), as well as from cost perspective (we are willing to allocate a higher limit for production than for staging or dev). One way to approach this would be to allow the linking of organizations or having sub-organizations.

I’m looking forward to improvements in this area that improve our management of the OpenAI integration! :slightly_smiling_face:

1 Like

Hi @balduremilsson - were you able to figure out how to have separate organizations for separate environments (prod, staging, dev, etc)? I’m also running into this problem and wondering how to approach this for mainly cost savings in non-prod environment.

Unfortunately not, no. We’re still using a single organization and the keys are still owned by a single user.

This is fairly easy to code.

Managing production v. development etc is normally done with Environmental variables, BTW.



Same issue. I think I’ll create a keys@org account, and use that for all keys and share the access to the account.