Glossary
BYOK (Bring Your Own Key)
Also known as: Bring Your Own Key, Customer-Managed Keys, CMK
Definition
Bring Your Own Key (BYOK) is a pattern where the customer organization controls its own keys — either cryptographic keys for data encryption (often called Customer-Managed Keys, CMK) or API keys for external LLM providers. The benefits are auditable control, granular rotation and revocation workflows, and a clean separation of duties. The customer organization remains the contractual counterparty toward the key provider.
How Swiss Knowledge Hub uses this term
At Swiss Knowledge Hub, depending on the providers enabled for a tenant, the customer can register its own API keys for OpenAI, Azure OpenAI, Anthropic, Google, Mistral, DeepSeek, Azure DeepSeek, Azure AI Foundry, and OpenAI-compatible custom endpoints. Requests then flow directly to the chosen provider, and the contractual relationship sits between the customer and that provider. SKH documents recommended configurations but does not technically enforce the no-training behavior of external providers — that depends on the provider's terms.
Related terms
Sources
- Microsoft — Bring Your Own Key (BYOK) Overview — https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
- Wikipedia: Bring your own encryption — https://en.wikipedia.org/wiki/Bring_your_own_encryption
This term is implemented concretely in Swiss Knowledge Hub.
See BYOK support in Swiss Knowledge Hub →Last updated: April 22, 2026