Skip to main content

Responses Proxy security

Treat Responses Proxy as an infrastructure service. It handles upstream API keys, client prompts, model outputs, request metadata, and telemetry history.

Secrets

Do not commit:

  • .env
  • .env.service.local
  • secrets.md
  • database files under data/
  • API keys in examples or docs

Use placeholders:

sk-...
postgresql://user:password@host/database?sslmode=require

Runtime OpenAI keys

Live routing uses OpenAI API keys from environment variables. The proxy forwards upstream requests with:

Authorization: Bearer <selected-resource-key>

Incoming Authorization headers are not forwarded upstream.

Registry credentials

Provider registry credentials can be stored as:

  • credential_ref: an external secret reference such as env:OPENAI_API_KEY
  • api_key: a write-only inline key

Inline keys require:

PROXY_SECRET_ENCRYPTION_KEY=...

Keep this value stable. If it changes, existing encrypted provider keys cannot be decrypted. Registry responses never return plaintext inline keys; they return api_key_configured.

Admin token

Set:

PROXY_ADMIN_TOKEN=...

Then call registry endpoints with:

Authorization: Bearer <token>

Current coverage:

  • /admin/providers
  • /admin/models

Current limit: PROXY_ADMIN_TOKEN does not protect /admin/state, /admin/events, /admin/sessions, /admin/requests, /admin/decisions, or /admin/health/check.

Use network-level controls or a reverse proxy when exposing telemetry admin endpoints outside trusted environments.

Telemetry payload capture

The proxy stores request and response bodies in SQL for analysis. Capture is capped by:

PROXY_MAX_CAPTURE_BYTES=2000000

Operational guidance:

  • Do not send sensitive data through the proxy unless telemetry storage policy allows it.
  • Reduce PROXY_MAX_CAPTURE_BYTES in sensitive environments.
  • Add redaction before production use when payloads can contain customer secrets.

GitHub Actions secrets

Store deployment values as GitHub environment secrets:

  • MORPH_API_KEY_PROD
  • MORPH_API_KEY_STAGE
  • MORPH_BUILDER_SNAPSHOT_ID
  • MORPH_BASE_IMAGE_ID
  • PROXY_DATABASE_URL
  • PROXY_ADMIN_TOKEN
  • PROXY_SECRET_ENCRYPTION_KEY
  • OPENAI_API_KEY_1 through OPENAI_API_KEY_4

Do not echo raw secret values from scripts. The deploy workflow may place secrets in $GITHUB_ENV, relying on GitHub secret masking.