^h(SrSSKrSSKrSSKJrJrJr SSKrSSKrSSK J r SSK J r SSK JrJr SSKJr SSKJr "S S \ 5rg) a This is a file for the AWS Secret Manager Integration Handles Async Operations for: - Read Secret - Write Secret - Delete Secret Relevant issue: https://github.com/BerriAI/litellm/issues/1883 Requires: * `os.environ["AWS_REGION_NAME"], * `pip install boto3>=1.28.57` N)AnyOptionalUnion)verbose_logger) BaseAWSLLM)_get_httpx_clientget_async_httpx_client)KeyManagementSystem)httpxSpecialProviderc\rSrSr\S5r\S\\4Sj5rSS\ S\\ S\\ \ \ R4S \\ 4S jjrSS\ S\\ S\\ \ \ R4S \\ 4S jjrSS\ S \ S \\ S\\ S\\ S\\ \ \ R4S \ 4SjjrSS\ S\\S\\ S\\ \ \ R4S \ 4 SjjrSS\ S\ S \\ S\\ S\\ S \\ \\44 SjjrSrg)AWSSecretsManagerV2!cBS[R;a [S5eg)NAWS_REGION_NAMEz7Missing required environment variable - AWS_REGION_NAME)osenviron ValueError)clss g/home/james-whalen/.local/lib/python3.13/site-packages/litellm/secret_managers/aws_secret_manager_v2.pyvalidate_environment(AWSSecretsManagerV2.validate_environment"s BJJ .VW W /use_aws_secret_managercUbUSLagUR5 U"5[l[R[lg![ anUeSnAff=f)z Initialize AWSSecretsManagerV2 and sets litellm.secret_manager_client = AWSSecretsManagerV2() and litellm._key_management_system = KeyManagementSystem.AWS_SECRET_MANAGER NF)rlitellmsecret_manager_clientr AWS_SECRET_MANAGER_key_management_system Exception)rres rload_aws_secret_manager+AWSSecretsManagerV2.load_aws_secret_manager'sS " )-Cu-L    $ $ &,/EG )-@-S-SG * G s9A AAAN secret_nameoptional_paramstimeoutreturnc# URSUUS9upEn[[RSU0S9nUR XEUR S5S9IShvN nUR 5 UR5S$N'![Ra [S 5e[a*n [R"S [U 55 Sn A gSn A ff=f7f) z Async function to read a secret from AWS Secrets Manager Returns: str: Secret value Raises: ValueError: If the secret is not found or an HTTP error occurs GetSecretValueactionr#r$r% llm_providerparamsutf-8urlheadersdataN SecretStringTimeout error occurred1Error reading secret from AWS Secrets Manager: %s)_prepare_requestr r SecretManagerpostdecoderaise_for_statusjsonhttpxTimeoutExceptionrrr exceptionstr) selfr#r$r% endpoint_urlr1body async_clientresponser s rasync_read_secret%AWSSecretsManagerV2.async_read_secret7s'+&;&;##+'<' # t .-;;w' )..  G8L/H  % % '==?>2 2  %% 756 6   $ $CSV    s@/C"A>A<&A>;C<A>>(C& C C CCcUS;a[R"U5$URSUUS9upEn[SU0S9nUR XEUR S5S9nUR 5 UR5S$![Ra [S 5e[a*n [R"S [U 55 S n A g S n A ff=f) z Sync function to read a secret from AWS Secrets Manager Done for backwards compatibility with existing codebase, since get_secret is a sync function )AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYr AWS_REGIONAWS_BEDROCK_RUNTIME_ENDPOINTr(r)r%)r-r.r/r3r4r5N)rgetenvr6rr8r9r:r;r<r=rrrr>r?) r@r#r$r%rAr1rB sync_clientrDr s rsync_read_secret$AWSSecretsManagerV2.sync_read_secret^s   99[) )&*&;&;##+'<' # t (w'  "''  G8L(H  % % '==?>2 2%% 756 6   $ $CSV    sAA??(C' C  C secret_value descriptionclient_request_tokenc# SSKnXS.nU(aX8S'[UR55US'URSUUUUS9upn [ [ R SU0S 9n U RXU RS 5S 9IShvN n U R5 U R5$N$![Ra'n[S URR35eSnAf[R a [S 5ef=f7f)ah Async function to write a secret to AWS Secrets Manager Args: secret_name: Name of the secret secret_value: Value to store (can be a JSON string) description: Optional description for the secret client_request_token: Optional unique identifier to ensure idempotency optional_params: Additional AWS parameters timeout: Request timeout rN)Namer3 DescriptionClientRequestToken CreateSecret)r*r#rPr$ request_datar%r+r.r/HTTP error occurred: r4)uuidr?uuid4r6r r r7r8r9r:r;r<HTTPStatusErrorrrDtextr=)r@r#rPrQrRr$r%rZr2rAr1rBrCrDerrs rasync_write_secret&AWSSecretsManagerV2.async_write_secrets( $B "- %(%6 !"&*&;&;!#%+ '<' # t.-;;w' 7)..  G8L/H  % % '==? "  $$ J4S\\5F5F4GHI I%% 756 6 7s<A D#"B,B*#B,)D*B,,D"C""#DDrecovery_window_in_daysc# UUS.nURSUUUS9upgn[[RSU0S9n U R XgUR S5S9IShvN n U R 5 U R5$N$![Ra'n [S U RR35eSn A f[Ra [S 5ef=f7f) ab Async function to delete a secret from AWS Secrets Manager Args: secret_name: Name of the secret to delete recovery_window_in_days: Number of days before permanent deletion (default: 7) optional_params: Additional AWS parameters timeout: Request timeout Returns: dict: Response from AWS Secrets Manager containing deletion details )SecretIdRecoveryWindowInDays DeleteSecret)r*r#r$rXr%r+r.r/NrYr4)r6r r r7r8r9r:r;r<r\rrDr]r=) r@r#rar$r%r2rAr1rBrCrDr^s rasync_delete_secret'AWSSecretsManagerV2.async_delete_secrets*$$;  '+&;&;!#+ '<' # t.-;;w' 7)..  G8L/H  % % '==? "  $$ J4S\\5F5F4GHI I%% 756 6 7s:5C"BA?#B>C?BC"B77#CCr*rXc6SSKJn SSKJn U=(d 0nUR U5nUR SURURS9upU RSS5n U(aUn OS U0n U(a US :XaX;S '[R"U 5RS 5n S SU3S.n U"SXU S9nU"URSUR5RU5 UR5nXR U 4$![a [ S5ef=f)z'Prepare the AWS Secrets Manager requestr) SigV4Auth) AWSRequestz7Missing boto3 to call bedrock. Run 'pip install boto3'.N)api_baseaws_bedrock_runtime_endpointaws_region_namezbedrock-runtimesecretsmanagerrcPutSecretValuer3r.zapplication/x-amz-json-1.1zsecretsmanager.)z Content-Typez X-Amz-TargetPOST)methodr0r2r1) botocore.authribotocore.awsrequestrj ImportError*_get_boto_credentials_from_optional_paramsget_runtime_endpointrlrmreplacer;dumpsencode credentialsadd_authpreparer1)r@r*r#rPr$rXrirjboto3_credentials_info_rAr2rBr1requestpreppeds rr6$AWSSecretsManagerV2._prepare_requests? Y / 6*/R!%!P!P "  33)?)\)\2BB4  $++,=?OP  D ,D*: :'3^$zz$&&w/8-fX6  |   " . .  " 2 2  (7 //#__d22Q YWX X Ys DD)NN)NNNN)NN)NNN)__name__ __module__ __qualname____firstlineno__ classmethodrrboolr!r?dictrfloatr<TimeoutrErNr_intrftuplerbytesr6__static_attributes__rrrr r !s XX Xd^  $+/9= %%"$%%u}} 456 % # %T+/9= ,,"$,%u}} 456 , # ,d&*.2*.9=373737c] 37 'sm 37 "$ 37%u}} 45637 37p23*.9= .7.7"*#.7"$ .7 %u}} 456 .7  .7h'+*.'+ 434343sm 43 "$ 43 tn 43 sC 4343rr )__doc__r;rtypingrrrr<rlitellm._loggingr!litellm.llms.bedrock.base_aws_llmr&litellm.llms.custom_httpx.http_handlerrr litellm.proxy._typesr litellm.types.llms.custom_httpr r rrrrs?  '' +85?D3*D3r