Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(Feat) - Hashicorp secret manager, use TLS cert authentication #7532

Merged
merged 5 commits into from
Jan 3, 2025
Merged

(Feat) - Hashicorp secret manager, use TLS cert authentication #7532

merged 5 commits into from
Jan 3, 2025

Conversation

ishaan-jaff
Copy link
Contributor

@ishaan-jaff ishaan-jaff commented Jan 3, 2025
edited
Loading

(Feat) - Hashicorp secret manager, use TLS cert authentication

Use TLS cert auth for Hashicorp

Hashicorp Vault

Read secrets from Hashicorp Vault

Step 1. Add Hashicorp Vault details in your environment

LiteLLM supports two methods of authentication:

  1. TLS cert authentication - HCP_VAULT_CLIENT_CERT and HCP_VAULT_CLIENT_KEY
  2. Token authentication - HCP_VAULT_TOKEN
HCP_VAULT_ADDR="https://test-cluster-public-vault-0f98180c.e98296b2.z1.hashicorp.cloud:8200"
HCP_VAULT_NAMESPACE="admin"

# Authentication via TLS cert
HCP_VAULT_CLIENT_CERT="path/to/client.pem"
HCP_VAULT_CLIENT_KEY="path/to/client.key"

# OR - Authentication via token
HCP_VAULT_TOKEN="hvs.CAESIG52gL6ljBSdmq*****"


# OPTIONAL
HCP_VAULT_REFRESH_INTERVAL="86400" # defaults to 86400, frequency of cache refresh for Hashicorp Vault

Step 2. Add to proxy config.yaml

general_settings:
  key_management_system: "hashicorp_vault"

Step 3. Start + test proxy

$ litellm --config /path/to/config.yaml

Relevant issues

Type

🆕 New Feature
✅ Test

Changes

[REQUIRED] Testing - Attach a screenshot of any new tests passing locally

If UI changes, send a screenshot/GIF of working UI fixes

@vercel Vercel
Copy link

vercel bot commented Jan 3, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
litellm ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 3, 2025 7:56pm

@codecov Codecov
Copy link

codecov bot commented Jan 3, 2025

Codecov Report

Attention: Patch coverage is 81.81818% with 4 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...itellm/secret_managers/hashicorp_secret_manager.py 81.81% 4 Missing ⚠️

📢 Thoughts on this report? Let us know!

@ishaan-jaff ishaan-jaff merged commit fb59f20 into main Jan 3, 2025
31 checks passed
rajatvig pushed a commit to rajatvig/litellm that referenced this pull request Jan 16, 2025
@ishaan-jaff @rajatvig
(Feat) - Hashicorp secret manager, use TLS cert authentication (Berri…
2a88538 
…AI#7532)

* fix - don't print hcorp secrets in debug logs

* hcorp - tls auth fixes

* fix tls_ca_cert_path

* test_hashicorp_secret_manager_tls_cert_auth

* hcp secret docs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ishaan-jaff