Skip to main content

Limits Reference

Resource limits and quotas for Keyway.

Rate limits

EndpointLimitWindow
General API100 requests15 minutes
Device code verification5 requests1 minute
Push/Pull30 requests15 minutes

Rate limit headers

Responses include rate limit information:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1705312800

Handling rate limits

When rate limited, you receive a 429 response:

{
  "type": "https://keyway.sh/errors/rate-limited",
  "title": "Too Many Requests",
  "status": 429,
  "detail": "Rate limit exceeded"
}

With header:

Retry-After: 60

Best practices:

  • Implement exponential backoff
  • Cache responses where possible
  • Batch operations when feasible

Resource limits

Free plan

ResourceLimit
Public repositoriesUnlimited
Private repositories1
Provider connections1 (Vercel, Netlify, etc.)
Environments per vault2
Secrets per private vault20
Secrets per public vaultUnlimited
Secret value size64 KB
Push batch size100 secrets
Free plan FIFO behavior

If you downgrade from Pro to Free with multiple private vaults, your oldest private vault remains fully writable. Newer private vaults become read-only until you upgrade again.

Pro plan ($9/month)

ResourceLimit
Public repositoriesUnlimited
Private repositoriesUnlimited
Provider connectionsUnlimited
Environments per vaultUnlimited
Secrets per vaultUnlimited
Secret value size64 KB
Push batch size500 secrets

Team plan ($29/month)

ResourceLimit
Public repositoriesUnlimited
Private repositoriesUnlimited
Private organization reposUnlimited
Provider connectionsUnlimited
Environments per vaultUnlimited
Secrets per vaultUnlimited
Secret value size256 KB
Push batch size1,000 secrets
Team plan exclusive

Only the Team plan allows creating vaults for private organization repositories. Free and Pro plans are limited to personal repositories.

API limits

Request body size

  • Maximum request body: 1 MB
  • Maximum secret value: 64 KB (256 KB on Team)

Pagination

  • Default page size: 25
  • Maximum page size: 100
  • Use limit and offset query parameters
GET /v1/vaults?limit=50&offset=100

Timeout

  • Request timeout: 30 seconds
  • Long-running operations may return 202 with status endpoint

Naming limits

Secret keys

ConstraintValue
Minimum length1 character
Maximum length256 characters
Allowed charactersA-Z, 0-9, _
Must start withLetter

Environment names

ConstraintValue
Minimum length2 characters
Maximum length30 characters
Allowed charactersa-z, 0-9, -, _
Must start withLetter

Repository names

Must be valid GitHub repository identifiers:

  • Format: owner/repo
  • Maximum owner length: 39 characters
  • Maximum repo length: 100 characters

Token limits

Keyway JWT

PropertyValue
Expiration30 days
RefreshRe-authenticate before expiry

GitHub PAT

Follow GitHub's limits:

  • Fine-grained PATs: Configurable expiration
  • Classic PATs: Optional expiration

Audit log retention

PlanRetention
Free7 days
Pro30 days
Team90 days
Enterprise1 year

Increasing limits

Upgrade your plan

Most limits can be increased by upgrading:

Free → Pro → Team → Enterprise

Request increase

For specific limit increases on Enterprise plans, contact support@keyway.sh with:

  1. Your organization name
  2. The limit you need increased
  3. Your use case

Monitoring usage

Via API

curl https://api.keyway.sh/v1/users/me/usage \
  -H "Authorization: Bearer $TOKEN"

Response:

{
  "data": {
    "plan": "free",
    "limits": {
      "maxPublicRepos": "unlimited",
      "maxPrivateRepos": 1,
      "maxProviders": 1,
      "maxEnvironmentsPerVault": 2,
      "maxSecretsPerPrivateVault": 20
    },
    "usage": {
      "public": 3,
      "private": 1,
      "providers": 1
    }
  },
  "meta": {
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}

The response shows:

  • plan: Your current plan (free, pro, or team)
  • limits: Maximum allowed for each resource ("unlimited" for no limit)
  • usage: Current usage counts

Via CLI

keyway doctor

Shows current authentication status and repository access level.