fix: prevent telemetry from leaking sensitive info

Prevent sensitive information from being logged in telemetry output by assigning SecretStr type to sensitive fields. API keys, password from KV store are now covered. All providers have been converted. Signed-off-by: Sébastien Han <seb@redhat.com>
2025-10-05 12:21:52 +00:00 · 2025-08-08 15:54:45 +02:00 · 2025-08-08 15:54:45 +02:00 · c4cb6aa8d9
commit c4cb6aa8d9
parent 8dc9fd6844
53 changed files with 121 additions and 109 deletions
--- a/llama_stack/providers/remote/files/s3/config.py
+++ b/llama_stack/providers/remote/files/s3/config.py
@ -6,7 +6,7 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.providers.utils.sqlstore.sqlstore import SqliteSqlStoreConfig, SqlStoreConfig

@ -17,7 +17,7 @@ class S3FilesImplConfig(BaseModel):
    bucket_name: str = Field(description="S3 bucket name to store files")
    region: str = Field(default="us-east-1", description="AWS region where the bucket is located")
    aws_access_key_id: str | None = Field(default=None, description="AWS access key ID (optional if using IAM roles)")
-    aws_secret_access_key: str | None = Field(
+    aws_secret_access_key: SecretStr | None = Field(
        default=None, description="AWS secret access key (optional if using IAM roles)"
    )
    endpoint_url: str | None = Field(default=None, description="Custom S3 endpoint URL (for MinIO, LocalStack, etc.)")
--- a/llama_stack/providers/remote/files/s3/files.py
+++ b/llama_stack/providers/remote/files/s3/files.py
@ -46,7 +46,7 @@ def _create_s3_client(config: S3FilesImplConfig) -> boto3.client:
            s3_config.update(
                {
                    "aws_access_key_id": config.aws_access_key_id,
-                    "aws_secret_access_key": config.aws_secret_access_key,
+                    "aws_secret_access_key": config.aws_secret_access_key.get_secret_value(),
                }
            )

--- a/llama_stack/providers/remote/inference/anthropic/anthropic.py
+++ b/llama_stack/providers/remote/inference/anthropic/anthropic.py
@ -4,6 +4,7 @@
 # This source code is licensed under the terms described in the LICENSE file in
 # the root directory of this source tree.

+
 from llama_stack.providers.utils.inference.litellm_openai_mixin import LiteLLMOpenAIMixin
 from llama_stack.providers.utils.inference.openai_mixin import OpenAIMixin

@ -27,7 +28,7 @@ class AnthropicInferenceAdapter(OpenAIMixin, LiteLLMOpenAIMixin):
        LiteLLMOpenAIMixin.__init__(
            self,
            litellm_provider_name="anthropic",
-            api_key_from_config=config.api_key,
+            api_key_from_config=config.api_key.get_secret_value() if config.api_key else None,
            provider_data_api_key_field="anthropic_api_key",
        )
        self.config = config
--- a/llama_stack/providers/remote/inference/anthropic/config.py
+++ b/llama_stack/providers/remote/inference/anthropic/config.py
@ -6,13 +6,13 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.schema_utils import json_schema_type


 class AnthropicProviderDataValidator(BaseModel):
-    anthropic_api_key: str | None = Field(
+    anthropic_api_key: SecretStr | None = Field(
        default=None,
        description="API key for Anthropic models",
    )
@ -20,7 +20,7 @@ class AnthropicProviderDataValidator(BaseModel):

@json_schema_type
 class AnthropicConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="API key for Anthropic models",
    )
--- a/llama_stack/providers/remote/inference/gemini/config.py
+++ b/llama_stack/providers/remote/inference/gemini/config.py
@ -6,13 +6,13 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.schema_utils import json_schema_type


 class GeminiProviderDataValidator(BaseModel):
-    gemini_api_key: str | None = Field(
+    gemini_api_key: SecretStr | None = Field(
        default=None,
        description="API key for Gemini models",
    )
@ -20,7 +20,7 @@ class GeminiProviderDataValidator(BaseModel):

@json_schema_type
 class GeminiConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="API key for Gemini models",
    )
--- a/llama_stack/providers/remote/inference/gemini/gemini.py
+++ b/llama_stack/providers/remote/inference/gemini/gemini.py
@ -4,6 +4,7 @@
 # This source code is licensed under the terms described in the LICENSE file in
 # the root directory of this source tree.

+
 from llama_stack.providers.utils.inference.litellm_openai_mixin import LiteLLMOpenAIMixin
 from llama_stack.providers.utils.inference.openai_mixin import OpenAIMixin

@ -19,7 +20,7 @@ class GeminiInferenceAdapter(OpenAIMixin, LiteLLMOpenAIMixin):
        LiteLLMOpenAIMixin.__init__(
            self,
            litellm_provider_name="gemini",
-            api_key_from_config=config.api_key,
+            api_key_from_config=config.api_key.get_secret_value() if config.api_key else None,
            provider_data_api_key_field="gemini_api_key",
        )
        self.config = config
--- a/llama_stack/providers/remote/inference/groq/config.py
+++ b/llama_stack/providers/remote/inference/groq/config.py
@ -6,13 +6,13 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.schema_utils import json_schema_type


 class GroqProviderDataValidator(BaseModel):
-    groq_api_key: str | None = Field(
+    groq_api_key: SecretStr | None = Field(
        default=None,
        description="API key for Groq models",
    )
@ -20,7 +20,7 @@ class GroqProviderDataValidator(BaseModel):

@json_schema_type
 class GroqConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        # The Groq client library loads the GROQ_API_KEY environment variable by default
        default=None,
        description="The Groq API key",
--- a/llama_stack/providers/remote/inference/llama_openai_compat/config.py
+++ b/llama_stack/providers/remote/inference/llama_openai_compat/config.py
@ -6,13 +6,13 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.schema_utils import json_schema_type


 class LlamaProviderDataValidator(BaseModel):
-    llama_api_key: str | None = Field(
+    llama_api_key: SecretStr | None = Field(
        default=None,
        description="API key for api.llama models",
    )
@ -20,7 +20,7 @@ class LlamaProviderDataValidator(BaseModel):

@json_schema_type
 class LlamaCompatConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="The Llama API key",
    )
--- a/llama_stack/providers/remote/inference/openai/config.py
+++ b/llama_stack/providers/remote/inference/openai/config.py
@ -6,13 +6,13 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.schema_utils import json_schema_type


 class OpenAIProviderDataValidator(BaseModel):
-    openai_api_key: str | None = Field(
+    openai_api_key: SecretStr | None = Field(
        default=None,
        description="API key for OpenAI models",
    )
@ -20,7 +20,7 @@ class OpenAIProviderDataValidator(BaseModel):

@json_schema_type
 class OpenAIConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="API key for OpenAI models",
    )
--- a/llama_stack/providers/remote/inference/runpod/config.py
+++ b/llama_stack/providers/remote/inference/runpod/config.py
@ -6,7 +6,7 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.schema_utils import json_schema_type

@ -17,7 +17,7 @@ class RunpodImplConfig(BaseModel):
        default=None,
        description="The URL for the Runpod model serving endpoint",
    )
-    api_token: str | None = Field(
+    api_token: SecretStr | None = Field(
        default=None,
        description="The API token",
    )
--- a/llama_stack/providers/remote/inference/runpod/runpod.py
+++ b/llama_stack/providers/remote/inference/runpod/runpod.py
@ -103,7 +103,10 @@ class RunpodInferenceAdapter(
            tool_config=tool_config,
        )

-        client = OpenAI(base_url=self.config.url, api_key=self.config.api_token)
+        client = OpenAI(
+            base_url=self.config.url,
+            api_key=self.config.api_token.get_secret_value() if self.config.api_token else None,
+        )
        if stream:
            return self._stream_chat_completion(request, client)
        else:
--- a/llama_stack/providers/remote/inference/vertexai/vertexai.py
+++ b/llama_stack/providers/remote/inference/vertexai/vertexai.py
@ -8,6 +8,7 @@ from typing import Any

 import google.auth.transport.requests
 from google.auth import default
+from pydantic import SecretStr

 from llama_stack.apis.inference import ChatCompletionRequest
 from llama_stack.providers.utils.inference.litellm_openai_mixin import (
@ -43,7 +44,7 @@ class VertexAIInferenceAdapter(OpenAIMixin, LiteLLMOpenAIMixin):
        except Exception:
            # If we can't get credentials, return empty string to let LiteLLM handle it
            # This allows the LiteLLM mixin to work with ADC directly
-            return ""
+            return SecretStr("")

    def get_base_url(self) -> str:
        """
--- a/llama_stack/providers/remote/inference/vllm/config.py
+++ b/llama_stack/providers/remote/inference/vllm/config.py
@ -6,7 +6,7 @@

 from pathlib import Path

-from pydantic import BaseModel, Field, field_validator
+from pydantic import BaseModel, Field, SecretStr, field_validator

 from llama_stack.schema_utils import json_schema_type

@ -21,8 +21,8 @@ class VLLMInferenceAdapterConfig(BaseModel):
        default=4096,
        description="Maximum number of tokens to generate.",
    )
-    api_token: str | None = Field(
-        default="fake",
+    api_token: SecretStr | None = Field(
+        default=SecretStr("fake"),
        description="The API token",
    )
    tls_verify: bool | str = Field(
--- a/llama_stack/providers/remote/inference/vllm/vllm.py
+++ b/llama_stack/providers/remote/inference/vllm/vllm.py
@ -294,7 +294,7 @@ class VLLMInferenceAdapter(OpenAIMixin, LiteLLMOpenAIMixin, Inference, ModelsPro
            self,
            model_entries=build_hf_repo_model_entries(),
            litellm_provider_name="vllm",
-            api_key_from_config=config.api_token,
+            api_key_from_config=config.api_token.get_secret_value(),
            provider_data_api_key_field="vllm_api_token",
            openai_compat_api_base=config.url,
        )
--- a/llama_stack/providers/remote/tool_runtime/bing_search/bing_search.py
+++ b/llama_stack/providers/remote/tool_runtime/bing_search/bing_search.py
@ -40,7 +40,7 @@ class BingSearchToolRuntimeImpl(ToolGroupsProtocolPrivate, ToolRuntime, NeedsReq

    def _get_api_key(self) -> str:
        if self.config.api_key:
-            return self.config.api_key
+            return self.config.api_key.get_secret_value()

        provider_data = self.get_request_provider_data()
        if provider_data is None or not provider_data.bing_search_api_key:
--- a/llama_stack/providers/remote/tool_runtime/bing_search/config.py
+++ b/llama_stack/providers/remote/tool_runtime/bing_search/config.py
@ -6,13 +6,13 @@

 from typing import Any

-from pydantic import BaseModel
+from pydantic import BaseModel, SecretStr


 class BingSearchToolConfig(BaseModel):
    """Configuration for Bing Search Tool Runtime"""

-    api_key: str | None = None
+    api_key: SecretStr | None = None
    top_k: int = 3

    @classmethod
--- a/llama_stack/providers/remote/tool_runtime/brave_search/brave_search.py
+++ b/llama_stack/providers/remote/tool_runtime/brave_search/brave_search.py
@ -39,7 +39,7 @@ class BraveSearchToolRuntimeImpl(ToolGroupsProtocolPrivate, ToolRuntime, NeedsRe

    def _get_api_key(self) -> str:
        if self.config.api_key:
-            return self.config.api_key
+            return self.config.api_key.get_secret_value()

        provider_data = self.get_request_provider_data()
        if provider_data is None or not provider_data.brave_search_api_key:
--- a/llama_stack/providers/remote/tool_runtime/brave_search/config.py
+++ b/llama_stack/providers/remote/tool_runtime/brave_search/config.py
@ -6,11 +6,11 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr


 class BraveSearchToolConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="The Brave Search API Key",
    )
--- a/llama_stack/providers/remote/tool_runtime/tavily_search/config.py
+++ b/llama_stack/providers/remote/tool_runtime/tavily_search/config.py
@ -6,11 +6,11 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr


 class TavilySearchToolConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="The Tavily Search API Key",
    )
--- a/llama_stack/providers/remote/tool_runtime/tavily_search/tavily_search.py
+++ b/llama_stack/providers/remote/tool_runtime/tavily_search/tavily_search.py
@ -39,7 +39,7 @@ class TavilySearchToolRuntimeImpl(ToolGroupsProtocolPrivate, ToolRuntime, NeedsR

    def _get_api_key(self) -> str:
        if self.config.api_key:
-            return self.config.api_key
+            return self.config.api_key.get_secret_value()

        provider_data = self.get_request_provider_data()
        if provider_data is None or not provider_data.tavily_search_api_key:
--- a/llama_stack/providers/remote/tool_runtime/wolfram_alpha/wolfram_alpha.py
+++ b/llama_stack/providers/remote/tool_runtime/wolfram_alpha/wolfram_alpha.py
@ -40,7 +40,7 @@ class WolframAlphaToolRuntimeImpl(ToolGroupsProtocolPrivate, ToolRuntime, NeedsR

    def _get_api_key(self) -> str:
        if self.config.api_key:
-            return self.config.api_key
+            return self.config.api_key.get_secret_value()

        provider_data = self.get_request_provider_data()
        if provider_data is None or not provider_data.wolfram_alpha_api_key:
--- a/llama_stack/providers/remote/vector_io/pgvector/config.py
+++ b/llama_stack/providers/remote/vector_io/pgvector/config.py
@ -6,7 +6,7 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr

 from llama_stack.providers.utils.kvstore.config import (
    KVStoreConfig,
@ -21,7 +21,7 @@ class PGVectorVectorIOConfig(BaseModel):
    port: int | None = Field(default=5432)
    db: str | None = Field(default="postgres")
    user: str | None = Field(default="postgres")
-    password: str | None = Field(default="mysecretpassword")
+    password: SecretStr | None = Field(default="mysecretpassword")
    kvstore: KVStoreConfig | None = Field(description="Config for KV store backend (SQLite only for now)", default=None)

    @classmethod
--- a/llama_stack/providers/remote/vector_io/pgvector/pgvector.py
+++ b/llama_stack/providers/remote/vector_io/pgvector/pgvector.py
@ -366,7 +366,7 @@ class PGVectorVectorIOAdapter(OpenAIVectorStoreMixin, VectorIO, VectorDBsProtoco
                port=self.config.port,
                database=self.config.db,
                user=self.config.user,
-                password=self.config.password,
+                password=self.config.password.get_secret_value(),
            )
            self.conn.autocommit = True
            with self.conn.cursor(cursor_factory=psycopg2.extras.DictCursor) as cur: