What BYOK means

BYOK — Bring Your Own Key — is a model for how AI apps handle authentication with AI providers like Anthropic, OpenAI, or Google. In a BYOK app, you supply your own API key from your chosen provider. The app uses that key to send requests on your behalf. In a shared-key app, the vendor owns the API key, and all customers' data flows through the vendor's AI account.

The practical difference:

Shared-key model

  • Vendor holds the AI API key
  • Your data passes through vendor infrastructure
  • You're subject to the vendor's AI provider agreement
  • No visibility into which model version is used
  • AI costs baked into the subscription, often at a markup
  • No option to switch AI providers or models

BYOK model

  • You hold the AI API key
  • Data goes directly from the app to your AI provider
  • You have a direct agreement with your AI provider
  • You choose which model to use — and when to upgrade
  • AI costs billed by the provider at provider rates
  • Switch providers or models at any time

The BYOK model doesn't mean more setup complexity. In CodeDoc AI for Confluence, connecting your AI provider takes two steps: paste your API key, click Connect & Validate. The app fetches available models automatically and you select one from a dropdown.

Why BYOK matters for GDPR

Under the General Data Protection Regulation, your organization is responsible for knowing where personal data goes and on what legal basis it is processed. This applies to source code too: author names in commit history, email addresses in comments or configuration files, test fixtures built from real records, or any other information that could identify a person. That is more common than teams typically acknowledge.

With a shared-key AI app, data flows through the vendor's own AI account. The vendor's data processing agreement with their AI provider applies, not yours. You may not have insight into data retention policies, whether data is used for model training, or whether the vendor's AI provider operates within your required data residency region.

With BYOK, the intermediate layer disappears. Your data goes from the Atlassian app directly to your AI provider account, so the data retention policy, whether your data may be used for model training, and which provider region handles the requests are all governed by your own provider account and agreement rather than the vendor's.

Note for regulated industries: GDPR compliance for AI tools is an evolving area. The information above describes the data flow architecture — always verify your specific obligations with your legal and compliance teams. This article is educational, not legal advice.

The Forge security layer

CodeDoc AI is built on Atlassian Forge, the platform for building Confluence and Jira apps that run entirely on Atlassian's own infrastructure. This adds a second layer of security context that is independent of the BYOK model.

Forge apps operate in a sandboxed runtime. They cannot make outbound network requests to arbitrary URLs: every external host must be declared explicitly in the app manifest (under permissions.external.fetch.backend), the requested permissions are shown to the admin at install time, and Atlassian reviews those declarations as part of the app approval process on the Marketplace. For CodeDoc AI, the declared external services are your Git provider and your AI provider.

That means the app cannot send your data to any endpoint other than the declared ones: no shadow copies on vendor servers, no telemetry to unannounced third parties, no undeclared outbound traffic. The restriction is enforced by the Forge runtime rather than by vendor policy, so the practical check for an admin is to read the egress permissions the app requests at install time and confirm they contain only your Git provider and your AI provider.
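The following is an added example, not CodeDoc AI's own code, showing the two mechanisms described above in one place: an egress allowlist that mirrors what a Forge manifest would declare, and the "Connect & Validate" step that checks a user-supplied key by listing the provider's models. The endpoints and request headers follow the providers' public APIs; the response shapes are simplified, the model IDs and keys are constructed sample data, and the transport is injected so the example runs offline (a real Forge app would wrap the asynchronous fetch from @forge/api instead).

```javascript
// Added example (not CodeDoc AI's code): BYOK "Connect & Validate" with an
// egress allowlist. Assumptions: provider endpoints/headers per public docs,
// simplified response bodies, constructed sample keys and model IDs.

const PROVIDERS = {
  anthropic: {
    host: 'api.anthropic.com',
    listUrl: 'https://api.anthropic.com/v1/models',
    headers: (key) => ({ 'x-api-key': key, 'anthropic-version': '2023-06-01' }),
    parse: (body) => body.data.map((m) => m.id),
  },
  openai: {
    host: 'api.openai.com',
    listUrl: 'https://api.openai.com/v1/models',
    headers: (key) => ({ Authorization: `Bearer ${key}` }),
    parse: (body) => body.data.map((m) => m.id),
  },
  google: {
    host: 'generativelanguage.googleapis.com',
    listUrl: 'https://generativelanguage.googleapis.com/v1beta/models',
    // Send the key as a header, not as a ?key= query parameter, so it never
    // lands in URL-level access logs or error messages.
    headers: (key) => ({ 'x-goog-api-key': key }),
    parse: (body) => body.models.map((m) => m.name.replace(/^models\//, '')),
  },
};

// Hosts the app is allowed to reach. Keeping the list in code as well as in the
// manifest makes a call to an undeclared host fail in unit tests, not only at
// runtime inside the Forge sandbox.
const EGRESS_ALLOWLIST = new Set(Object.values(PROVIDERS).map((p) => p.host));

function assertAllowedEgress(url) {
  const host = new URL(url).hostname;
  if (!EGRESS_ALLOWLIST.has(host)) {
    throw new Error(`egress to ${host} is not declared in the manifest`);
  }
}

// Show only enough of a key to identify it; never log or return the full value.
function redactKey(key) {
  return key.length <= 8 ? '****' : `${key.slice(0, 4)}...${key.slice(-4)}`;
}

// transport(url, { headers }) -> { status, body } with body already JSON-parsed.
function connectAndValidate(provider, apiKey, transport) {
  const p = PROVIDERS[provider];
  if (!p) return { ok: false, error: `unsupported provider: ${provider}` };
  if (typeof apiKey !== 'string' || apiKey.trim() === '') {
    return { ok: false, error: 'API key is required' };
  }
  assertAllowedEgress(p.listUrl);
  const res = transport(p.listUrl, { headers: p.headers(apiKey.trim()) });
  if (res.status === 401 || res.status === 403) {
    return { ok: false, error: `${provider} rejected key ${redactKey(apiKey)}` };
  }
  if (res.status !== 200) {
    return { ok: false, error: `${provider} returned HTTP ${res.status}` };
  }
  const models = p.parse(res.body);
  if (models.length === 0) return { ok: false, error: `${provider} returned no models` };
  return { ok: true, models };
}

// Constructed stand-in for the three list-models endpoints (sample IDs only).
const SAMPLE_CATALOG = {
  'api.anthropic.com': { data: [{ id: 'claude-sample', type: 'model' }] },
  'api.openai.com': { object: 'list', data: [{ id: 'gpt-sample', object: 'model' }] },
  'generativelanguage.googleapis.com': { models: [{ name: 'models/gemini-sample' }] },
};

function makeFakeTransport(validKeys) {
  return (url, { headers }) => {
    const host = new URL(url).hostname;
    const presented =
      headers['x-api-key'] ||
      headers['x-goog-api-key'] ||
      (headers.Authorization || '').replace(/^Bearer /, '');
    if (!validKeys.has(presented)) return { status: 401, body: { error: 'invalid key' } };
    return { status: 200, body: SAMPLE_CATALOG[host] };
  };
}

// Stand-alone demo with constructed keys.
const demoTransport = makeFakeTransport(new Set(['sk-ant-valid-0001', 'AIza-valid-0003']));
console.log(connectAndValidate('anthropic', 'sk-ant-valid-0001', demoTransport));
console.log(connectAndValidate('openai', 'wrong-key-9999', demoTransport));
```

The rejection path deliberately returns a redacted key, so a failed validation can be surfaced to the user without the full secret reaching Forge logs or the Confluence UI.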

This is the meaning behind the "Runs on Atlassian" badge on Forge apps in the Marketplace. It signals not just that the app integrates with Atlassian products, but that it runs inside Atlassian's infrastructure — subject to Atlassian's security controls.

[Screenshot: AI Provider settings in CodeDoc AI, where you connect your own API key from Anthropic, OpenAI, or Google]

Cost control with BYOK

For procurement teams, the pricing model of a BYOK app is easier to reason about than a shared-key app. AI usage is billed directly by the provider at published provider rates. There's no vendor markup, no opaque "AI credits" system, and no surprise overage charge from a tier you didn't know you were on.

You can set hard spending limits at the provider account level: both Anthropic and OpenAI let you cap spend on the organization, workspace, or project that a key belongs to. If a documentation job uses more tokens than expected, the provider rejects the request once the cap is reached and the generation fails cleanly rather than running up an unbounded bill.

BYOK also gives you model choice, which matters for cost optimization: you can run routine documentation jobs on a smaller, cheaper model and reserve a larger one for the repositories where the quality difference is worth the price.

Because CodeDoc AI includes AI-powered file selection (the AI first identifies the most relevant files, then generates documentation from those only), typical generation costs are significantly lower than feeding an entire repository to the model. For large repositories, this can reduce token usage by 60–80%.

Model choice and future-proofing

The AI model landscape evolves quickly. A model that represents best-in-class capability today may be superseded within months. In a shared-key app, you use whatever model the vendor has decided to offer — and any model upgrades happen on the vendor's timeline, not yours.

With BYOK, the available models are fetched dynamically from your provider account when you connect. When Anthropic, OpenAI, or Google releases a new model, it appears in the CodeDoc AI model dropdown the next time the list is fetched, without a vendor update, without waiting for a new app version, without a support ticket.

You can also switch providers entirely. If your organization decides to standardize on a different AI vendor for procurement or compliance reasons, you update the API key setting and select a model from the new provider. Everything else — jobs, trigger configuration, file selections, Confluence target pages — stays unchanged.

Who benefits most from BYOK AI in Atlassian

BYOK is particularly relevant for:

For Atlassian admins: You can review CodeDoc AI's full data processing architecture on the Security page and the Trust Center. Both documents are versioned and updated when the architecture changes.

Frequently asked questions

What does BYOK mean for AI apps in Atlassian?

BYOK (Bring Your Own Key) means you supply your own API key from your chosen AI provider. Your data goes from the Atlassian app to your AI provider under your account. The app itself runs in Atlassian's Forge runtime, so the data passes through Atlassian infrastructure, never through servers operated by the app vendor or through the vendor's own AI account.

Why is BYOK important for GDPR?

Under GDPR, you need to know where your data goes and under what agreement it is processed. BYOK removes the vendor's AI account from the chain: you have a direct agreement with your AI provider, and data retention and model-training settings are governed by that agreement and your own account settings, which you can review and adjust yourself rather than relying on what the vendor negotiated.

Does BYOK mean I can choose which AI model to use?

Yes. With CodeDoc AI, you can use any model available in your Anthropic, OpenAI, or Google account. New models appear in the dropdown automatically when providers release them — no waiting for a vendor update.

How does BYOK help control AI costs?

AI usage is billed at provider rates with no vendor markup. You can set spending limits at the provider account level and choose cost-optimized models for routine tasks. AI file selection in CodeDoc AI further reduces token usage by sending only the most relevant files rather than an entire repository.

What is Atlassian Forge and why does it matter for AI security?

Forge apps run entirely on Atlassian's infrastructure in a sandboxed runtime. They can only connect to explicitly declared external services — for CodeDoc AI, that is your Git provider and your AI provider. No other outbound connections are possible.

Which AI providers does CodeDoc AI support?

Anthropic (Claude models), OpenAI (GPT models), and Google AI (Gemini models). You can connect one provider or switch at any time by updating the API key in Settings.

Full data control, running on Atlassian infrastructure

CodeDoc AI is BYOK and Forge-native — your code stays between your Git provider, your AI provider, and your Confluence instance.

Try it free on Marketplace →