Protecting access to your systems is one of the most important parts of every AI and automation project. Osher Digital uses strict controls to ensure that API keys, credentials and system access are handled safely, logged correctly and removed when no longer required. This article explains how we manage these responsibilities throughout a project.
How Clients Provide Credentials
Clients can share credentials using any secure method they prefer. We avoid unencrypted email and encourage the use of secure, shareable one-time links or encrypted messages. We only request credentials that are essential for delivery. If temporary access is available, it is preferred.
If you have an internal secure method for sharing access, we will follow your process.
How We Store Credentials
All credentials are stored in a secure password management vault. Access to stored items is restricted to the small number of staff working directly on your project. Credentials are injected into running systems as environment variables or through a secret management process.
Access to credentials is logged. This allows us to verify when a credential was viewed and by whom.
How API Keys Are Used
Osher Digital normally manages API keys on your behalf. This allows us to:
Centralise billing
Track usage and identify unusual activity
Manage multiple LLM providers without asking you to maintain separate accounts
Simplify credit card management and cost control
If you would prefer to supply your own keys, we will use your preferred arrangement.
Access to Client Cloud Services
If your project requires access to AWS, Azure, GCP or another cloud provider, we use one of two approaches:
Temporary IAM roles or tokens when short-term access is sufficient
Static keys with limited scope when systems need to run continuously or when automation requires long-lived access
We will always follow your organisation’s preferred method.
Credential Rotation
Credentials can be rotated by Osher Digital or by your internal team. Rotation is recommended when:
A project is handed over
A team member changes roles
Your organisation has a scheduled rotation policy
There are signs of unusual activity
We can help you rotate credentials if needed.
Subcontractor Access
Subcontractors may access systems when their work requires it. All subcontractors are bound by NDA and internal confidentiality terms. Access is kept to the minimum necessary for delivery and follows the same logging and storage policies as internal staff.
Access Removal
Access to your systems is removed as soon as a project ends or when you request it. You may also request a full audit of stored credentials or confirmation that access has been removed.
System Access Policies
Our internal access policies include:
Least privilege access for all staff
MFA or 2FA for all internal systems
Logged access for credentials and sensitive information
Review and removal of access when a project closes
These controls ensure that only authorised people can reach your systems and that access is traceable at all times.
Your Control Over Your Credentials
At any time you can request:
A list of stored credentials
Removal or rotation of credentials
Confirmation of who has active access
Verification that access has been revoked
Osher Digital treats access security as a shared responsibility. Our aim is to provide secure, transparent and practical credential management so you can work confidently with AI and automation.