o ưi @szdZddlZddlZddlmZmZddlZddlmZddl m Z ddZ dded e d e d eed ee f d dZ dS)z^ Secret Manager Handler Handles retrieving secrets from different secret management systems. N)AnyOptional) print_verbose)KeyManagementSystemcCs:ddl}z tt||kWS|jyYdSw)z"Check if a string is valid base64.rNF)binasciibase64 b64encode b64decodedecodeError)srr e/home/app/Keep/.python/lib/python3.10/site-packages/litellm/secret_managers/secret_manager_handler.py _is_base64s rclient key_manager secret_namekey_management_settingsreturnc Csfd}|tjjkst|jdt|jdkr||j}|S|tjjks*|jjdkr]t |}|dur7t dt |}|durGt |}|}nt d|jtj|dd }|jd }|S|tjjkr t |d} | durutd |t | } d | i} |jdi| }|d } | d }t|tr|}|S|tjjkrddlm} t|| rd}|dur|j}|j||d}td||S|tj jkrz|!|}td||durt d|W|Sty}z tdt||d}~ww|tj"jkr1z|j|d}|durt d|W|Sty0}z tdt||d}~ww|tj#jkrfz|j|d}|durKt d|W|Stye}z tdt||d}~ww|tj$jkrddl%m&}t||r|j||r|'ndd}|durt d||St dt|j|dkrt |}|S||j(}|S)a` Get a secret from the configured secret manager. Args: client: The secret manager client instance key_manager: The type of key manager (e.g., "azure_key_vault", "google_kms", etc.) secret_name: The name/path of the secret to retrieve key_management_settings: Optional settings for the key management system Returns: The secret value as a string, or None if not found Raises: ValueError: If the secret cannot be retrieved or required parameters are missing Exception: For other errors during secret retrieval N.z+azure.keyvault.secrets._client.SecretClientZKeyManagementServiceClientzBGoogle KMS requires the encrypted secret to be in the environment!Tz@Google KMS requires the encrypted secret to be encoded in base64)name ciphertext)requestzutf-8z+AWS KMS - Encrypted Value of Key={} is NoneZCiphertextBlobZ Plaintextr)AWSSecretsManagerV2)rprimary_secret_namezget_secret_value_response: z$secret from google secret manager: z-No secret found in Google Secret Manager for zAn error occurred - )rz0No secret found in Hashicorp Secret Manager for z/No secret found in CyberArk Secret Manager for )CustomSecretManager)rZoptional_paramsz-No secret found in Custom Secret Manager for zMCustom secret manager client must be an instance of CustomSecretManager, got localr ))rZAZURE_KEY_VAULTvaluetype __module____name__Z get_secretZ GOOGLE_KMS __class__osgetenv ValueErrorrrr ZdecryptlitellmZ_google_kms_resource_name plaintextr ZAWS_KMS Exceptionformat isinstancestrstripZAWS_SECRET_MANAGERZ-litellm.secret_managers.aws_secret_manager_v2rrZsync_read_secretrZGOOGLE_SECRET_MANAGERZ%get_secret_from_google_secret_managerZHASHICORP_VAULTZCYBERARKZCUSTOMZ*litellm.integrations.custom_secret_managerrZ model_dumpZ secret_value)rrrrsecretZencrypted_secretZb64_flagrresponseZencrypted_valueZciphertext_blobparamsr&rrerr r rget_secret_from_managers  p    Y     D  4  .  %         r0)N)__doc__rr"typingrrr%Zlitellm._loggingrZ"litellm.types.secret_managers.mainrrr*r0r r r rs(