fix: prevent telemetry from leaking sensitive info

Prevent sensitive information from being logged in telemetry output by assigning SecretStr type to sensitive fields. API keys, password from KV store are now covered. All providers have been converted. Signed-off-by: Sébastien Han <seb@redhat.com>
2025-10-04 12:07:34 +00:00 · 2025-08-08 15:54:45 +02:00 · 2025-08-08 15:54:45 +02:00 · c4cb6aa8d9
commit c4cb6aa8d9
parent 8dc9fd6844
53 changed files with 121 additions and 109 deletions
--- a/llama_stack/providers/remote/tool_runtime/brave_search/brave_search.py
+++ b/llama_stack/providers/remote/tool_runtime/brave_search/brave_search.py
@ -39,7 +39,7 @@ class BraveSearchToolRuntimeImpl(ToolGroupsProtocolPrivate, ToolRuntime, NeedsRe

    def _get_api_key(self) -> str:
        if self.config.api_key:
-            return self.config.api_key
+            return self.config.api_key.get_secret_value()

        provider_data = self.get_request_provider_data()
        if provider_data is None or not provider_data.brave_search_api_key:
--- a/llama_stack/providers/remote/tool_runtime/brave_search/config.py
+++ b/llama_stack/providers/remote/tool_runtime/brave_search/config.py
@ -6,11 +6,11 @@

 from typing import Any

-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, SecretStr


 class BraveSearchToolConfig(BaseModel):
-    api_key: str | None = Field(
+    api_key: SecretStr | None = Field(
        default=None,
        description="The Brave Search API Key",
    )