(Feat) Add support for reading secrets from Hashicorp vault (#7497)

* HashicorpSecretManager * test_hashicorp_secret_managerv * use 1 helper initialize_secret_manager * add HASHICORP_VAULT * working config * hcorp read_secret * HashicorpSecretManager * add secret_manager_testing * use 1 folder for secret manager testing * test_hashicorp_secret_manager_get_secret * HashicorpSecretManager * docs HCP secrets * update folder name * docs hcorp secret manager * remove unused imports * add conftest.py * fix tests * docs document env vars
2025-04-25 18:54:30 +00:00 · 2025-01-01 18:35:05 -08:00 · 2025-01-01 18:35:05 -08:00 · cf60444916
commit cf60444916
parent e1fcd3ee43
16 changed files with 496 additions and 86 deletions
--- a/litellm/secret_managers/main.py
+++ b/litellm/secret_managers/main.py
@ -289,6 +289,19 @@ def get_secret(  # noqa: PLR0915
                    except Exception as e:
                        print_verbose(f"An error occurred - {str(e)}")
                        raise e
+                elif key_manager == KeyManagementSystem.HASHICORP_VAULT.value:
+                    try:
+                        secret = client.read_secret(secret_name)
+                        print_verbose(
+                            f"secret from hashicorp secret manager:  {secret}"
+                        )
+                        if secret is None:
+                            raise ValueError(
+                                f"No secret found in Hashicorp Secret Manager for {secret_name}"
+                            )
+                    except Exception as e:
+                        print_verbose(f"An error occurred - {str(e)}")
+                        raise e
                elif key_manager == "local":
                    secret = os.getenv(secret_name)
                else:  # assume the default is infisicial client