
Private Prompts

Warning: Private prompts are currently only available in production mode. Sandbox support is not yet available.

Private prompts allow you to store sensitive system prompts in nilDB (Nillion's decentralized database) and use them with LLM inference without exposing the prompt content. This is useful for protecting proprietary instructions, custom behaviors, or sensitive context.

Overview

The private prompts flow involves:

  1. Storing prompts in nilDB: Upload your prompt to nilDB and receive document IDs
  2. Setting up delegation: Create a delegation token chain between the subscription owner and prompt data owner
  3. Using stored prompts: Make LLM requests that reference the stored prompt without exposing its content

Storing Prompts to nilDB

First, store your private prompt to nilDB. This returns document IDs and owner information.

import "dotenv/config";
import {
  NilaiOpenAIClient,
  NilAuthInstance,
} from "@nillion/nilai-ts";
import { Did as DidClass } from "@nillion/nuc";

const API_KEY = process.env.NILLION_API_KEY;

async function store_to_nilDB(prompt: string): Promise<[string, string]> {
  // Initialize the client in API key mode
  const client = new NilaiOpenAIClient({
    baseURL: "https://nilai-xxxx.nillion.network/nuc/v1/",
    apiKey: API_KEY,
    nilauthInstance: NilAuthInstance.PRODUCTION,
  });

  const createdIds: string[] = await client.createPrompt(prompt);
  console.log(`Created IDS on nilDB: ${createdIds}`);

  const ownerDid = new DidClass(client.getKeypair()!.publicKey()).toString();
  return [createdIds[0], ownerDid];
}

async function main() {
  if (!API_KEY) {
    throw new Error("NILLION_API_KEY environment variable is required");
  }

  const [doc_id, owner_did] = await store_to_nilDB(
    "You are a very clever model that answers with cheese answers and always starting with the word cheese"
  );

  console.log(`Document ID: ${doc_id}`);
  console.log(`Owner DID: ${owner_did}`);
}

main().catch(console.error);

Using Stored Prompts with Delegation

To use stored prompts, you need to set up a delegation token flow. This involves:

  1. A subscription owner server that manages API access
  2. A prompt data owner server that manages access to stored prompt documents
  3. A client that makes requests using delegation tokens

Key components of the implementation:

import "dotenv/config";
import {
  NilaiOpenAIClient,
  DelegationTokenServer,
  AuthType,
  type DelegationTokenRequest,
  type DelegationTokenResponse,
  NilAuthInstance,
} from "@nillion/nilai-ts";

const API_KEY = process.env.NILLION_API_KEY;

// Fail early if the API key is missing, as in the previous section
if (!API_KEY) {
  throw new Error("NILLION_API_KEY environment variable is required");
}

// First, store the prompt in nilDB (store_to_nilDB is defined in the previous section)
const [doc_id, owner_did] = await store_to_nilDB(
  "You are a very clever model that answers with cheese answers and always starting with the word cheese"
);

// Server initializes a delegation token server
const server = new DelegationTokenServer(API_KEY, {
  nilauthInstance: NilAuthInstance.PRODUCTION,
  expirationTime: 60 * 60, // 1 hour validity
  tokenMaxUses: 10,
  prompt_document: {
    owner_did: owner_did,
    doc_id: doc_id,
  },
});

// Client initializes without API key but with delegation auth
const client = new NilaiOpenAIClient({
  baseURL: "https://nilai-xxxx.nillion.network/nuc/v1/",
  authType: AuthType.DELEGATION_TOKEN,
  nilauthInstance: NilAuthInstance.PRODUCTION,
});

// Client produces a delegation request
const delegationRequest: DelegationTokenRequest =
  client.getDelegationRequest();

// Server creates a delegation token
const delegationToken: DelegationTokenResponse =
  await server.createDelegationToken(delegationRequest);

// Client sets the delegation token
client.updateDelegation(delegationToken);

// Client uses the delegation token to make a request
const response = await client.chat.completions.create({
  model: "openai/gpt-oss-20b",
  messages: [
    { role: "user", content: "Hello! Can you help me with something?" },
  ],
});

console.log(`Response: ${response.choices[0].message.content}`);

Important Notes

  • Store private keys securely: Keep private keys and stored prompt data in secure configuration files
  • Token expiration: Set appropriate expiration times and usage limits for delegation tokens
  • Prompt storage only on NUCs: Prompt delegation is only available for NUC authentication.
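
One way to enforce the token expiration and usage-limit note before a delegation server is constructed. This is an added example, not part of the nilAI SDK or the original page: the option names mirror the `DelegationTokenServer` call above, while `checkDelegationOptions`, `DelegationPolicy`, the limits in `POLICY` and the DID pattern are assumptions.

```typescript
// Added example: pre-flight policy check for delegation settings.
// Option names mirror the page's DelegationTokenServer options;
// the policy type, limits and function names are hypothetical.
interface PromptDocument {
  owner_did: string;
  doc_id: string;
}
interface DelegationOptions {
  expirationTime: number; // seconds, as in the page's "60 * 60"
  tokenMaxUses: number;
  prompt_document?: PromptDocument;
}
interface DelegationPolicy {
  maxLifetimeSeconds: number;
  maxUses: number;
}
// Hypothetical organisation limits (constructed for this example).
const POLICY: DelegationPolicy = { maxLifetimeSeconds: 60 * 60, maxUses: 10 };
// Assumption: owner DIDs follow generic W3C DID syntax (did:<method>:<id>).
const DID_PATTERN = /^did:[a-z0-9]+:\S+$/;

function isPositiveInt(n: number): boolean {
  return Number.isInteger(n) && n > 0;
}

function checkDelegationOptions(
  opts: DelegationOptions,
  policy: DelegationPolicy,
): string[] {
  const problems: string[] = [];
  if (!isPositiveInt(opts.expirationTime)) {
    problems.push("expirationTime must be a positive whole number of seconds");
  } else if (opts.expirationTime > policy.maxLifetimeSeconds) {
    problems.push(`expirationTime exceeds ${policy.maxLifetimeSeconds}s`);
  }
  if (!isPositiveInt(opts.tokenMaxUses)) {
    problems.push("tokenMaxUses must be a positive integer");
  } else if (opts.tokenMaxUses > policy.maxUses) {
    problems.push(`tokenMaxUses exceeds ${policy.maxUses}`);
  }
  const doc = opts.prompt_document;
  if (!doc) {
    problems.push("prompt_document is missing");
  } else {
    if (!DID_PATTERN.test(doc.owner_did)) problems.push("owner_did is not a DID");
    if (doc.doc_id.trim() === "") problems.push("doc_id is empty");
  }
  return problems;
}
```

Call `checkDelegationOptions(options, POLICY)` on the options object and refuse to create the delegation server when the returned list is non-empty.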

Use Cases

Private prompts are ideal for:

  • Proprietary AI assistants: Protect your custom system prompts and business logic
  • Sensitive instructions: Keep confidential context or data handling rules private
  • Multi-tenant applications: Different users can have different private prompts without exposing them
  • Compliance requirements: Ensure sensitive prompts never leave the secure environment