(Feat) Hashicorp Secret Manager - Allow storing virtual keys in secret manager (#7549)

* use a base abstract class * async_write_secret for hcorp * fix hcorp * async_write_secret for hashicopr secret manager * store virtual keys in hcorp * add delete secret * test_hashicorp_secret_manager_write_secret * test_hashicorp_secret_manager_delete_secret * docs Supported Secret Managers * docs storing keys in hcorp * docs hcorp * docs secret managers * test_key_generate_with_secret_manager_call * fix unused imports
2025-04-27 03:34:10 +00:00 · 2025-01-04 11:35:59 -08:00 · 2025-01-04 11:35:59 -08:00 · 46d9d29bff
commit 46d9d29bff
parent 7f7222ce30
13 changed files with 458 additions and 119 deletions
--- a/litellm/proxy/hooks/key_management_event_hooks.py
+++ b/litellm/proxy/hooks/key_management_event_hooks.py
@ -10,7 +10,6 @@ import litellm
 from litellm._logging import verbose_proxy_logger
 from litellm.proxy._types import (
    GenerateKeyRequest,
-    KeyManagementSystem,
    KeyRequest,
    LiteLLM_AuditLogs,
    LiteLLM_VerificationToken,
@ -195,21 +194,28 @@ class KeyManagementEventHooks:
        """
        if litellm._key_management_settings is not None:
            if litellm._key_management_settings.store_virtual_keys is True:
-                from litellm.secret_managers.aws_secret_manager_v2 import (
-                    AWSSecretsManagerV2,
+                from litellm.secret_managers.base_secret_manager import (
+                    BaseSecretManager,
                )

                # store the key in the secret manager
-                if (
-                    litellm._key_management_system
-                    == KeyManagementSystem.AWS_SECRET_MANAGER
-                    and isinstance(litellm.secret_manager_client, AWSSecretsManagerV2)
-                ):
+                if isinstance(litellm.secret_manager_client, BaseSecretManager):
                    await litellm.secret_manager_client.async_write_secret(
-                        secret_name=f"{litellm._key_management_settings.prefix_for_stored_virtual_keys}/{secret_name}",
+                        secret_name=KeyManagementEventHooks._get_secret_name(
+                            secret_name
+                        ),
                        secret_value=secret_token,
                    )

+    @staticmethod
+    def _get_secret_name(secret_name: str) -> str:
+        if litellm._key_management_settings.prefix_for_stored_virtual_keys.endswith(
+            "/"
+        ):
+            return f"{litellm._key_management_settings.prefix_for_stored_virtual_keys}{secret_name}"
+        else:
+            return f"{litellm._key_management_settings.prefix_for_stored_virtual_keys}/{secret_name}"
+
    @staticmethod
    async def _delete_virtual_keys_from_secret_manager(
        keys_being_deleted: List[LiteLLM_VerificationToken],
@ -222,15 +228,17 @@ class KeyManagementEventHooks:
        """
        if litellm._key_management_settings is not None:
            if litellm._key_management_settings.store_virtual_keys is True:
-                from litellm.secret_managers.aws_secret_manager_v2 import (
-                    AWSSecretsManagerV2,
+                from litellm.secret_managers.base_secret_manager import (
+                    BaseSecretManager,
                )

-                if isinstance(litellm.secret_manager_client, AWSSecretsManagerV2):
+                if isinstance(litellm.secret_manager_client, BaseSecretManager):
                    for key in keys_being_deleted:
                        if key.key_alias is not None:
                            await litellm.secret_manager_client.async_delete_secret(
-                                secret_name=f"{litellm._key_management_settings.prefix_for_stored_virtual_keys}/{key.key_alias}"
+                                secret_name=KeyManagementEventHooks._get_secret_name(
+                                    key.key_alias
+                                )
                            )
                        else:
                            verbose_proxy_logger.warning(