Problem
LiteLLM supports virtual keys with per-key spend limits, rate limits, and model access controls. Currently, creating, revoking, or viewing virtual keys requires direct API calls or database access. For a multi-tenant deployment, key management is a routine operational task that should be accessible from the TUI.
Scope
Add a "Keys" section to the Config screen (new tab), or a dedicated view if the scope warrants it:
- List keys — show key hash (masked), alias, spend limit, current spend, rate limit, allowed models, status (active/revoked)
- Create key — form with alias, spend limit, rate limit, model restrictions
- Revoke key — mark a key as inactive
- View key spend — current spend against limit
Backend references
- LiteLLM's
/key/generate, /key/info, /key/delete endpoints
- These are proxy API calls, so the TUI would hit the running proxy's admin endpoints (similar to how the Test screen sends requests)
Considerations
- Requires the proxy to be running (unlike most Config tab settings which are env-var based)
- Key creation returns the actual key value once — the TUI should display it clearly and warn that it won't be shown again
- This is lower priority because most deployments manage keys through CI/CD or API scripts, but it removes a sharp edge for operators doing ad-hoc key management
Problem
LiteLLM supports virtual keys with per-key spend limits, rate limits, and model access controls. Currently, creating, revoking, or viewing virtual keys requires direct API calls or database access. For a multi-tenant deployment, key management is a routine operational task that should be accessible from the TUI.
Scope
Add a "Keys" section to the Config screen (new tab), or a dedicated view if the scope warrants it:
Backend references
/key/generate,/key/info,/key/deleteendpointsConsiderations