SentinelGateway vs. Portkey
Infrastructure shouldn't require a SaaS tether.
The numbers that matter at production scale
The Portkey split-plane problem.
Portkey uses a split-plane architecture. Even when you self-host their Data Plane inside your own VPC, it maintains a constant outbound sync to Portkey's SaaS Control Plane to pull routing configurations, API key metadata, and access policies. Your Data Plane is not independent — it is a managed satellite, and the moment that outbound connection is blocked by a firewall rule or an outage on their side, your gateway stops functioning. For air-gapped environments or strict egress policies, this architecture is simply incompatible.
Beyond the control plane tether, Portkey's pricing operates as a log tax. Pro tier users are capped at 30-day log retention, and if you exceed monthly log volume limits, recording halts entirely — meaning you lose observability exactly when you need it most, during high-traffic incidents. SentinelGateway writes audit logs asynchronously to your own Postgres instance. There is no log cap, no 30-day expiry, no usage meter on observability. It's a single compiled Go binary: 100% local, flat infrastructure pricing, and zero outbound dependency on any third-party cloud.
No credit card required. 10,000 free tokens.
Feature-by-Feature Breakdown
Every capability that matters at production scale, compared row by row.
Architecture
What actually runs in production
Runtime
Language / execution model
Egress / firewall requirements
Outbound connections needed to operate
OpenAI wire-format compatibility
Drop-in base_url replacement
Pricing model
How you are billed
Log retention
How long audit data is kept
Per-request audit log
Raw + redacted prompts, side by side
Semantic prompt cache
Dedup repeat prompts, zero token cost
PII scrubbing (built-in)
Cards, SSNs, emails — before LLM call. Per NIST SP 800-122 & NIST IR 8053.
Prompt injection blocking
Jailbreak / DAN pattern detection
Secret / credential scanning
AWS keys, GitHub tokens, PEM keys
Multi-provider routing
OpenAI, Anthropic, Gemini, Groq
Automatic fallback on 429/5xx
Transparent retry on transient errors
Multi-tenant key isolation
One API key per tenant, K8s NetworkPolicy
Metered billing (Stripe)
Token-level cost tracking, hourly sync
Cut the tether. One endpoint swap.
If you're routing through Portkey today, migrating to SentinelGateway is a single base_url change. Your existing OpenAI SDK calls, LangChain chains, or LlamaIndex queries work without modification. You immediately gain PII scrubbing, built-in secret scanning, and a flat pricing model — all running inside your VPC with no outbound control plane.
- No SDK changes. No new dependencies.
- Free tier: 10,000 tokens, no credit card.
- Unlimited logs. No cap. No expiry.
# Before: Portkey gateway
from openai import OpenAI
client = OpenAI(
base_url="https://api.portkey.ai/v1",
default_headers={"x-portkey-api-key": key}
)
# After: SentinelGateway — local, no control plane
from openai import OpenAI
client = OpenAI(
base_url="https://api.sentinelgateway.ai/v1",
api_key="sg-..."
)
✓ PII scrubbing active
✓ Fallback routing active
✓ Unlimited audit logs — no cap
Technical Standards & References
- [1] National Institute of Standards and Technology. NIST Special Publication 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). U.S. Department of Commerce, April 2010.
- [2] National Institute of Standards and Technology. NIST Interagency Report 8053: De-identification of Personal Information. U.S. Department of Commerce, October 2015.
Stop juggling API keys. Start building.
Sign up in 60 seconds. Get 10,000 free tokens instantly. Scale to billions when you're ready.