BYOK AI Analyzer

Campaign postmortems on your terms — your provider, your key, your residency.

Why BYOK

Compliance teams don't want a vendor's black-box AI processing their data. Procurement doesn't want surprise bills from an opaque token meter. CISOs want every prompt and response to live in a region they control. BYOK answers all three by routing AI calls through the customer's own provider account with a key reference Armada never persists in raw form.

How it works

  • Provider choice. OpenAI, Anthropic, Azure OpenAI, or a custom provider — selected by tenant administrators on the Armada admin page.
  • Key reference, not raw key. The configuration field stores a reference (for example, the name of a secret in your secrets manager). The raw API key never enters Armada storage or logs.
  • Model selection. The model identifier is configurable per tenant (for example, gpt-5, claude-opus-4-7, or a custom deployment name). Armada calls the provider exactly as configured.
  • Data residency. US, EU, APAC, or custom — controls which provider region the analyzer is allowed to call.
  • Retention window. Tenant-configurable retention setting (0–365 days) communicated to provider settings where supported. Zero is the default.
  • Admin-gated end to end. Saving the configuration requires Jira administrator permission server-side. Non-admin attempts are audited.

[Screenshot: Armada admin page, AI Analyzer tab with the BYOK editor: provider segmented control (OpenAI, Anthropic, Azure OpenAI, Custom), key reference field, model field, residency segmented control, retention days, and the Save AI configuration button.]

What gets analyzed

  • Mission postmortems. Structured context (timeline, risk summary, campaign state, outliers) is sent to the configured provider. The response is parsed into a typed result and surfaced inline.
  • Real execution data. No synthetic prompts — the analyzer reasons over the actual campaign lifecycle as Armada recorded it.
  • Token spend visibility. Every successful invocation increments aiAnalyzerInvocations and adds to aiTokenSpend on the Outcome Metrics tab so admins see cost as it accrues.

What Armada never does

  • Persist raw API keys.
  • Call the provider unless the configuration is explicitly enabled.
  • Ship a default key for users to "just try it" — every call requires BYOK.
  • Route prompts to a region other than the configured residency.
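
The rules under "How it works" and the guarantees listed above can be enforced as a server-side save check plus a gate evaluated before each provider call. The sketch below is an added example, not Armada's code. The field names (`keyRef`, `retentionDays`, `enabled`, `isJiraAdmin`), the provider identifiers, and the raw-key heuristics are assumptions made for illustration.

```javascript
// Added example: hypothetical field names, not Armada's actual schema.
const PROVIDERS = new Set(["openai", "anthropic", "azure-openai", "custom"]);
const RESIDENCIES = new Set(["US", "EU", "APAC", "custom"]);

// Heuristics (assumed) for values that look like a raw key, not a secret name.
const RAW_KEY_PATTERNS = [
  /^sk-/i,                  // API-key prefix used by OpenAI and Anthropic keys
  /^[0-9a-f]{32,}$/i,       // long bare hex string
  /^[A-Za-z0-9+_=-]{40,}$/, // long unbroken token with no path separators
];
// A reference is a short, path-like secret name (assumed shape).
const KEY_REF_SHAPE = /^[A-Za-z0-9][A-Za-z0-9/_.:-]{2,127}$/;

// Server-side check run when the configuration is saved.
function validateByokConfig(cfg, actor) {
  const errors = [];
  // Permission is checked on the server, never trusted from the client.
  if (!actor || actor.isJiraAdmin !== true) errors.push("not_admin");
  if (!PROVIDERS.has(cfg.provider)) errors.push("provider");
  if (!RESIDENCIES.has(cfg.residency)) errors.push("residency");
  const ref = String(cfg.keyRef ?? "");
  if (!KEY_REF_SHAPE.test(ref) || RAW_KEY_PATTERNS.some((p) => p.test(ref))) {
    errors.push("keyRef"); // reject before the value reaches storage or logs
  }
  if (typeof cfg.model !== "string" || cfg.model.trim() === "") errors.push("model");
  const retentionDays = cfg.retentionDays ?? 0; // zero is the default
  if (!Number.isInteger(retentionDays) || retentionDays < 0 || retentionDays > 365) {
    errors.push("retentionDays");
  }
  return { ok: errors.length === 0, errors, retentionDays };
}

// Gate evaluated before every provider call: explicit enable plus region match.
function mayCallProvider(cfg, targetRegion) {
  if (cfg.enabled !== true) return { allowed: false, reason: "disabled" };
  if (cfg.residency !== targetRegion) return { allowed: false, reason: "residency" };
  return { allowed: true, reason: null };
}
```

Rejecting key-shaped input at save time keeps a pasted raw key from ever being written to configuration storage or echoed into an audit entry.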

Audit trail

BYOK configuration changes emit audit.config.approval_updated-class audit entries with actor, time, and a redacted detail body. AI invocation events feed the Outcome Metrics token spend metric. See the Audit Log page for the full trail.
