o ưi(@sdZddlZddlZddlZddlZddlmZmZmZddl Z ddl m Z ddZ dee fdd ZGd d d Z d eeeffd dZdS)z This is a file for the AWS Secret Manager Integration Relevant issue: https://github.com/BerriAI/litellm/issues/1883 Requires: * `os.environ["AWS_REGION_NAME"], * `pip install boto3>=1.28.57` N)AnyDictOptional)KeyManagementSystemcCsdtjvr tddS)NAWS_REGION_NAME7Missing required environment variable - AWS_REGION_NAME)osenviron ValueErrorr r a/home/app/Keep/.python/lib/python3.10/site-packages/litellm/secret_managers/aws_secret_manager.pyvalidate_environments r use_aws_kmsc Csh|dus|dur dSzddl}t|jdtdd}|t_tjt_ WdSt y3}z|d}~wwNFrZkmsr)Z region_name) boto3r clientrgetenvlitellmZsecret_manager_clientrZAWS_KMSZ_key_management_system Exception)rr kms_clienter r r load_aws_kmssrc@sFeZdZdZdddZddZdeefd d Zd e de fd d Z dS)AWSKeyManagementService_V2zJ V2 Clean Class for decrypting keys from AWS KeyManagementService returnNcCs||jdd|_dS)NT)r)r rr)selfr r r __init__1sz#AWSKeyManagementService_V2.__init__cCsTdtjvr tdd}tdddurd}n tdddur d}|dur(tddS)NrrFZLITELLM_LICENSETZ&LITELLM_SECRET_AWS_KMS_LITELLM_LICENSEzkAWSKeyManagementService V2 is an Enterprise Feature. Please add a valid LITELLM_LICENSE to your envionment.)rr r r)rZis_litellm_license_in_envr r r r 5s z/AWSKeyManagementService_V2.validate_environmentrc CsZ|dus|dur dSzddl}t|jdtdd}|WSty,}z|d}~wwr)rr rrrr)rrrrrr r r rGsz'AWSKeyManagementService_V2.load_aws_kms secret_namec Cs|jdur tdt|d}|durtd|t|tr*|dr*| dd}t |}d|i}|jj di|}|d}| d}t|trN|}zt|}t|tr\|WSW|StyhY|Sw) Nzkms_client is Nonez+AWS KMS - Encrypted Value of Key={} is Noneaws_kms/ZCiphertextBlobZ Plaintextzutf-8r )rr rrrformat isinstancestr startswithreplacebase64 b64decodeZdecryptdecodestripast literal_evalbool) rrZencrypted_valueZciphertext_blobparamsresponseZ plaintextsecretZsecret_value_as_boolr r r decrypt_valueVs4         z(AWSKeyManagementService_V2.decrypt_value)rN) __name__ __module__ __qualname____doc__rr rr*rr!rr.r r r r r,s  rrcCst}i}tjD]6\}}|durt|tr|ds,|dur@t|tr@|dr@|j|d}t j dd|t j d}|||<q |S)NZlitellm_secret_aws_kmsr)rZlitellm_secret_aws_kms_r)flags) rrr itemsr r!lowerr"r.resub IGNORECASE)Zaws_kms new_valueskvZdecrypted_valuer r r decrypt_env_vars  r<)r2r(r$rr6typingrrrrZlitellm.proxy._typesrr r*rrr!r<r r r r s  L