phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-27 21:20:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: introduce a /credentials API for specifying ephemeral provider-specific keys

Browse source
This commit is contained in:
Ashwin Bharambe 2025-05-18 11:35:45 -07:00
parent 87a4b9cb28
commit 226dc60775
7 changed files with 506 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

214
docs/_static/llama-stack-spec.html vendored
View file

@ -517,6 +517,49 @@
}
}
},
"/v1/credentials": {
"post": {
"responses": {
"200": {
"description": "created ProviderCredential object",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ProviderCredential"
}
}
}
},
"400": {
"$ref": "#/components/responses/BadRequest400"
},
"429": {
"$ref": "#/components/responses/TooManyRequests429"
},
"500": {
"$ref": "#/components/responses/InternalServerError500"
},
"default": {
"$ref": "#/components/responses/DefaultError"
}
},
"tags": [
"Credentials"
],
"description": "Create a new set of credentials for a given provider.",
"parameters": [],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateCredentialRequest"
}
}
},
"required": true
}
}
},
"/v1/openai/v1/responses": {
"post": {
"responses": {
@ -833,6 +876,93 @@
]
}
},
"/v1/credentials/{credential_id}": {
"post": {
"responses": {
"200": {
"description": "updated ProviderCredential object",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ProviderCredential"
}
}
}
},
"400": {
"$ref": "#/components/responses/BadRequest400"
},
"429": {
"$ref": "#/components/responses/TooManyRequests429"
},
"500": {
"$ref": "#/components/responses/InternalServerError500"
},
"default": {
"$ref": "#/components/responses/DefaultError"
}
},
"tags": [
"Credentials"
],
"description": "Update an existing set of credentials for a given provider.",
"parameters": [
{
"name": "credential_id",
"in": "path",
"description": "The ID of the credential to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateCredentialRequest"
}
}
},
"required": true
}
},
"delete": {
"responses": {
"200": {
"description": "OK"
},
"400": {
"$ref": "#/components/responses/BadRequest400"
},
"429": {
"$ref": "#/components/responses/TooManyRequests429"
},
"500": {
"$ref": "#/components/responses/InternalServerError500"
},
"default": {
"$ref": "#/components/responses/DefaultError"
}
},
"tags": [
"Credentials"
],
"description": "Delete a credential by its ID.",
"parameters": [
{
"name": "credential_id",
"in": "path",
"description": "The ID of the credential to delete.",
"required": true,
"schema": {
"type": "string"
}
}
]
}
},
"/v1/files/{bucket}/{key}": {
"get": {
"responses": {
@ -6614,6 +6744,70 @@
],
"title": "AgentTurnResponseTurnStartPayload"
},
"CreateCredentialRequest": {
"type": "object",
"properties": {
"provider_id": {
"type": "string",
"description": "The ID of the provider to create credentials for."
},
"token_type": {
"type": "string",
"enum": [
"oauth2",
"api_key"
],
"description": "The type of token to create. This is provided in the API to serve as lightweight documentation / metadata for the token."
},
"token": {
"type": "string",
"description": "The token itself."
},
"ttl_seconds": {
"type": "integer",
"description": "The time to live for the credential in seconds. Defaults to 3600 seconds."
}
},
"additionalProperties": false,
"required": [
"provider_id",
"token_type",
"token",
"ttl_seconds"
],
"title": "CreateCredentialRequest"
},
"ProviderCredential": {
"type": "object",
"properties": {
"credential_id": {
"type": "string"
},
"provider_id": {
"type": "string"
},
"token_type": {
"type": "string",
"enum": [
"oauth2",
"api_key"
],
"title": "CredentialTokenType",
"description": "The type of credential token."
},
"token": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"credential_id",
"provider_id",
"token_type",
"token"
],
"title": "ProviderCredential"
},
"OpenAIResponseInput": {
"oneOf": [
{
@ -12935,6 +13129,20 @@
"title": "SyntheticDataGenerationResponse",
"description": "Response from the synthetic data generation. Batch of (prompt, response, score) tuples that pass the threshold."
},
"UpdateCredentialRequest": {
"type": "object",
"properties": {
"token": {
"type": "string",
"description": "The new token to set for the credential."
}
},
"additionalProperties": false,
"required": [
"token"
],
"title": "UpdateCredentialRequest"
},
"VersionInfo": {
"type": "object",
"properties": {
@ -13031,6 +13239,11 @@
{
"name": "Benchmarks"
},
{
"name": "Credentials",
"description": "Each provider may need optional authentication. This might be a persistent API key, or\na short-lived OAuth2 token. There is a single credential for each provider instance.\n\nCredentials are ephemeral -- they may be purged after the specified TTL.\n\nCredentials are associated with the same ABAC access attributes and permissions as other\nresources in the system.\n\nIt is recommended to store these credentials using Envelope Encryption. The storage could\nbe a regular KVStore, but you should use a secure Key Management Service for encrypting\nand decrypting.",
"x-displayName": "Create, update and delete ephemeral provider-specific credentials."
},
{
"name": "DatasetIO"
},
@ -13100,6 +13313,7 @@
"Agents",
"BatchInference (Coming Soon)",
"Benchmarks",
"Credentials",
"DatasetIO",
"Datasets",
"Eval",