Update a BYOK provider credential
Update an existing bring-your-own-key (BYOK) provider credential by its id. Include the key field to rotate the raw provider API key in-place (the previous key material is overwritten). Management key required.
Update an existing bring-your-own-key (BYOK) provider credential by its id. Include the key field to rotate the raw provider API key in-place (the previous key material is overwritten). Management key required.
The BYOK credential ID (UUID).
Optional allowlist of model slugs this credential may be used for. null means no restriction.
Optional allowlist of user IDs that may use this credential. null means no restriction.
Whether this credential is treated as a fallback — used only after non-fallback keys for the same provider have been tried.
A new raw provider API key to rotate the credential in-place. The previous key material is overwritten and the masked label is regenerated. Encrypted at rest and never returned in API responses.
Optional human-readable name for the credential.