(Feat) Add support for storing virtual keys in AWS SecretManager (#6728)

* add SecretManager to httpxSpecialProvider * fix importing AWSSecretsManagerV2 * add unit testing for writing keys to AWS secret manager * use KeyManagementEventHooks for key/generated events * us event hooks for key management endpoints * working AWSSecretsManagerV2 * fix write secret to AWS secret manager on /key/generate * fix KeyManagementSettings * use tasks for key management hooks * add async_delete_secret * add test for async_delete_secret * use _delete_virtual_keys_from_secret_manager * fix test secret manager * test_key_generate_with_secret_manager_call * fix check for key_management_settings * sync_read_secret * test_aws_secret_manager * fix sync_read_secret * use helper to check when _should_read_secret_from_secret_manager * test_get_secret_with_access_mode * test - handle eol model claude-2, use claude-2.1 instead * docs AWS secret manager * fix test_read_nonexistent_secret * fix test_supports_response_schema * ci/cd run again
2025-04-25 10:44:24 +00:00 · 2024-11-14 09:25:07 -08:00 · 2024-11-14 09:25:07 -08:00 · f8e700064e
commit f8e700064e
parent da84056e59
16 changed files with 1046 additions and 178 deletions
--- a/litellm/proxy/proxy_cli.py
+++ b/litellm/proxy/proxy_cli.py
@ -265,7 +265,6 @@ def run_server(  # noqa: PLR0915
            ProxyConfig,
            app,
            load_aws_kms,
-            load_aws_secret_manager,
            load_from_azure_key_vault,
            load_google_kms,
            save_worker_config,
@ -278,7 +277,6 @@ def run_server(  # noqa: PLR0915
                ProxyConfig,
                app,
                load_aws_kms,
-                load_aws_secret_manager,
                load_from_azure_key_vault,
                load_google_kms,
                save_worker_config,
@ -295,7 +293,6 @@ def run_server(  # noqa: PLR0915
                    ProxyConfig,
                    app,
                    load_aws_kms,
-                    load_aws_secret_manager,
                    load_from_azure_key_vault,
                    load_google_kms,
                    save_worker_config,
@ -559,8 +556,14 @@ def run_server(  # noqa: PLR0915
                        key_management_system
                        == KeyManagementSystem.AWS_SECRET_MANAGER.value  # noqa: F405
                    ):
+                        from litellm.secret_managers.aws_secret_manager_v2 import (
+                            AWSSecretsManagerV2,
+                        )
+
                        ### LOAD FROM AWS SECRET MANAGER ###
-                        load_aws_secret_manager(use_aws_secret_manager=True)
+                        AWSSecretsManagerV2.load_aws_secret_manager(
+                            use_aws_secret_manager=True
+                        )
                    elif key_management_system == KeyManagementSystem.AWS_KMS.value:
                        load_aws_kms(use_aws_kms=True)
                    elif (