Skip to content
stack
Get started
Provider · AI

OpenAI — Ashlr Stack Provider

OpenAI: GPT, Realtime, embeddings. Key verified against /v1/models on paste. Wire it into your project with one command via Ashlr Stack.

AI · API key KEY-ONLY · v0.2 adds provisioning
OpenAI — GPT, Realtime, embeddings. Key verified against /v1/models on paste.
Dashboard ↗

One command

Add OpenAI to any Ashlr Stack project with a single command. Stack runs the auth flow, verifies the credential, and writes every secret slot into Phantom. 

stack add openai

Or describe what you're building and let Claude pick it up via stack recommend: 

stack recommend "LLM provider for a coding assistant"

Auth flow

Paste a long-lived API key once. Stack verifies it against the provider's API before writing to Phantom.

How-to: Paste a secret key from https://platform.openai.com/api-keys.

Secret slots

stack add openai writes these 1 secret slot into your Phantom vault:

  • OPENAI_API_KEY

The values never leave Phantom in plaintext. Your .env file references slot names, and stack exec -- <cmd> swaps them in at process-spawn time via Phantom's local proxy.

Starter templates that include OpenAI

Apply a pre-wired stack with one command:

  • stack init --template claude-agent-openai-anthropic
  • Anthropic — Claude models + MCP. Key verified against the Messages API on paste.
  • xAI — Grok + tool use. Key verified on paste.
  • DeepSeek — Open-weight models. Key verified on paste.
  • Replicate — Open-source model inference with per-second billing. API token stored in Phantom.
  • Braintrust — LLM evals + observability + prompt playground. Verified against /v1/organization on paste.

FAQ

Do I need a OpenAI account to use it with Stack?

Yes — Stack provisions OpenAI on your behalf, but it authenticates as you. Paste a long-lived API key once. Stack verifies it against the provider's API before writing to Phantom. If you don't have a credential yet, create one at https://platform.openai.com and paste it once.

Where does Stack store my OpenAI credentials?

In Phantom Secrets, an E2E-encrypted local vault. Stack writes the secret slot names (OPENAI_API_KEY) into .stack.toml — the actual values live only in Phantom and never touch disk in plaintext.

Can I rotate or revoke this integration later?

Yes. Run `stack remove openai` to pull the OpenAI service back out (Phantom secrets deleted, MCP entry removed, .stack.toml cleaned up). Rotate the underlying OpenAI credentials in their dashboard — https://platform.openai.com — and Stack's next `doctor --fix` will pick up the new values.

Outbound