🔔 Recent activity
Loading…
AI / LLM Settings
Configure the LLM the reports module uses for executive summaries, plain-language CVE explanations, and stakeholder narratives. Saved settings override environment variables. API keys are encrypted on disk.
Different page: looking to GOVERN the third-party API keys living in your environment (per-agent, per-scope, with trust scores + rotation tracking)? That's Identity & API key governance — same concept, opposite direction.
Loading current config…
What gets saved where
- Config file:
~/.safecadence/llm_config.json(chmod 600) - API keys: Fernet-encrypted (if
cryptographyinstalled via[vault]extra) or base64-obfuscated otherwise - Encryption key:
~/.safecadence/.llm_vault.key(chmod 600, auto-bootstrapped on first save) - The reports module reads this config on every call; no service restart needed when you change provider
- Choosing "Use environment variables" keeps the v11.3.x behavior intact — useful for container deploys with env-var-only config
Full local-LLM setup guide: docs/LOCAL-LLM.md