👋 New here? Take the 5-step tour — fleet to live findings in under 5 min.
Start tour

🔔 Recent activity

Loading…

← Back to Settings

AI / LLM Settings

Configure the LLM the reports module uses for executive summaries, plain-language CVE explanations, and stakeholder narratives. Saved settings override environment variables. API keys are encrypted on disk.

Different page: looking to GOVERN the third-party API keys living in your environment (per-agent, per-scope, with trust scores + rotation tracking)? That's Identity & API key governance — same concept, opposite direction.

Loading current config…

What gets saved where

  • Config file: ~/.safecadence/llm_config.json (chmod 600)
  • API keys: Fernet-encrypted (if cryptography installed via [vault] extra) or base64-obfuscated otherwise
  • Encryption key: ~/.safecadence/.llm_vault.key (chmod 600, auto-bootstrapped on first save)
  • The reports module reads this config on every call; no service restart needed when you change provider
  • Choosing "Use environment variables" keeps the v11.3.x behavior intact — useful for container deploys with env-var-only config

Full local-LLM setup guide: docs/LOCAL-LLM.md