> ## Documentation Index
> Fetch the complete documentation index at: https://docs.liveavatar.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets & Integrations

> Connect third-party providers and securely manage API keys

LiveAvatar is designed to work with the providers you already use. Whether you want to bring your own language model, use a custom voice from an external TTS provider, or connect a real-time conversational AI platform, integrations let you extend LiveAvatar beyond its built-in capabilities.

To make this work securely, LiveAvatar uses **secrets** — encrypted stores for your third-party API keys. You store a key once and reference it by ID wherever it is needed. All secret values are encrypted with AWS KMS, and the API never exposes decrypted values.

## What you can integrate

LiveAvatar currently supports integrations with:

* **LLM providers** — Bring your own language model by connecting any OpenAI-compatible endpoint. Use your preferred model for reasoning and response generation instead of the platform default. See [Custom LLM Integration](/docs/full-mode/custom-llm) for details.
* **TTS providers** — Import voices from third-party text-to-speech providers and use them in your sessions. See [Custom TTS Integration](/docs/full-mode/custom-tts) for details.
* **Conversational AI platforms** — Connect platforms like ElevenLabs Agents or OpenAI Realtime to power LITE Mode sessions with your own AI stack.

As LiveAvatar adds support for more providers, additional integration types will follow the same pattern.

## How secrets work

When you store a secret, LiveAvatar encrypts it using enterprise-grade AWS KMS encryption. The API never returns the actual key value — only metadata like the secret's name, type, and creation date.

When a LiveAvatar session starts, the platform decrypts the relevant secrets and uses them to call your third-party providers on your behalf. Your credentials are never exposed to end users or returned through the API.

```mermaid theme={null}
sequenceDiagram
    participant Dev as Developer
    participant LA as LiveAvatar
    participant KMS as AWS KMS
    participant Provider as Third-Party Provider

    Dev->>LA: Store API key as a secret
    LA->>KMS: Encrypt secret
    KMS-->>LA: Encrypted secret stored

    Dev->>LA: Start session (with secret reference)
    LA->>KMS: Decrypt secret
    KMS-->>LA: Decrypted credentials
    LA->>Provider: Call provider on your behalf
    Provider-->>LA: Response
```

A single secret can be referenced by multiple resources. For example, one API key could back several different LLM configurations, each with its own model and system prompt.

## When you need secrets

<Tip>
  You only need secrets if you are connecting third-party providers. If you are using LiveAvatar's built-in voices and default LLM, you do not need to create any secrets.
</Tip>

## Key rotation

<Warning>
  If you delete a secret, any resources that depend on it — imported voices, LLM configurations, LITE Mode integrations — will stop working. To rotate a key safely, create a new secret with the updated credentials, update your resources to reference the new secret ID, and only then delete the old one.
</Warning>