Add LiteLLM dynamic secrets engine implementation #1

Open
unkinben wants to merge 1 commits from benvin/initial-implementation into main

Why

Populate the newly-created repo with the LiteLLM dynamic secrets engine: a
Vault/OpenBao plugin that mints LiteLLM virtual keys scoped by model, spending
limit, and lease TTL, so key lifetimes are owned by Vault (revoke the lease,
revoke the key).

Changes

  • Add the secrets backend: config, roles/<name>, creds/<name> paths and a
    revocable litellm_key secret type (revoke deletes the key; renew re-syncs the
    expiry).
  • Add the LiteLLM API client (generate/update/delete/info) with master-key auth.
  • Add unit tests against a mock LiteLLM proxy.
  • Add a docker-compose e2e that runs the full lifecycle against both Vault and
    OpenBao, proving the same binary works on each.
  • Add Makefile, woodpecker CI (build/test/pre-commit), and pre-commit config.
unkinben added 1 commit 2026-07-02 23:22:30 +10:00
Populate the repo with the Vault/OpenBao dynamic secrets engine that mints
LiteLLM virtual keys scoped by model, spending limit, and lease TTL.

- Secrets backend: config, roles, creds paths and a revocable litellm_key type
- LiteLLM API client (generate/update/delete/info) with master-key auth
- Unit tests (mock LiteLLM) and a docker-compose e2e against both Vault and
  OpenBao proving the same binary works on each
- Makefile, woodpecker CI (build/test/pre-commit), pre-commit config
Some required checks are missing.
Reference: unkin/vault-plugin-secrets-litellm#1