Enterprise providers

Enterprise mode points OpenWhispr at your organization’s cloud LLM. Credentials resolve through the standard cloud SDK chain (SSO, assumed roles, env vars), so there’s no personal API key to paste or proxy to run. Use this when your team standardizes on a cloud provider and personal API keys aren’t allowed on engineers’ machines.

Provider	Status
AWS Bedrock	Available
Azure OpenAI	Coming soon
GCP Vertex AI	Coming soon

AWS Bedrock

Prerequisites

An AWS account with Bedrock model access enabled for the models you want to use
Either the AWS CLI configured with SSO OR an IAM user with bedrock:InvokeModel permissions

Setup

Open Settings > AI Text Enhancement > Enterprise > AWS Bedrock
Pick an authentication method:
- SSO profile (recommended)
- Access keys
Enter the name of your AWS CLI profile (e.g. default, my-sso-profile).OpenWhispr uses fromNodeProviderChain to resolve credentials — any profile configured via aws configure sso or aws configure works.If the profile uses SSO, run aws sso login --profile <name> before using OpenWhispr. The connection test will surface a copy-paste command if your session has expired.
Enter your IAM user’s Access Key ID and Secret Access Key. Include a Session Token if you’re using temporary credentials (e.g. from assume-role).
Pick a region (e.g. us-east-1, eu-west-1)
Pick a model from the curated list, or enter a custom Bedrock model ID
Click Test Connection — a successful test means credentials resolve and the model is reachable

Curated models

Model	Bedrock ID	Use case
Claude Haiku 4.5	`us.anthropic.claude-haiku-4-5-20251001-v1:0`	Fast, cheap — recommended default for text cleanup
Claude Sonnet 4.6	`us.anthropic.claude-sonnet-4-6`	Balanced — default for Agent Mode
Claude Opus 4.7	`us.anthropic.claude-opus-4-7`	Maximum intelligence — complex agent tasks
Amazon Nova Lite	`us.amazon.nova-lite-v1:0`	Cheapest, AWS-native — high-volume workloads

All IDs use the us. cross-region inference profile prefix. Custom model IDs are supported for anything not in the list.

Troubleshooting

Error	Cause	Fix
`AWS SSO session expired`	SSO token timed out	Run `aws sso login --profile <name>`
`Model access not enabled`	Model isn’t enabled for your account in this region	Enable it in the AWS Bedrock console
`Model not found`	Wrong model ID or wrong region	Check the ID format and that the model is available in your region
`Invalid AWS credentials`	Access key/secret don’t match an IAM user	Double-check your keys in AWS IAM
`Rate limited`	Hit Bedrock quota	Wait a moment and retry

The connection test surfaces all of these with copy-paste remediation commands where applicable.

Agent Mode

Agent Mode (tool-calling) is not yet supported with enterprise providers. Use BYOK (OpenAI, Anthropic, Gemini, Groq) or a local model for Agent Mode. Text cleanup works with Bedrock.

Credentials storage

Enterprise credentials are encrypted at rest using your OS keychain (Keychain on macOS, DPAPI on Windows, libsecret on Linux) via Electron’s safeStorage API. They are never sent to OpenWhispr’s servers. Encrypted blobs live alongside your other secrets under the user-data directory:

macOS: ~/Library/Application Support/OpenWhispr/secure-keys/
Windows: %APPDATA%\OpenWhispr\secure-keys\
Linux: ~/.config/OpenWhispr/secure-keys/

Non-secret preferences (regions, endpoints, model IDs) continue to live in .env in the same directory. On Linux systems without a keyring, secrets fall back to plaintext in .env.

Documentation Index

​AWS Bedrock

​Prerequisites

​Setup

​Curated models

​Troubleshooting

​Agent Mode

​Credentials storage