terraform/provider/docs/resources/credential.md
Manages a LiteLLM credential for storing sensitive authentication information. Credentials can be used to securely store API keys, tokens, and other sensitive data that can be referenced by models and vector stores.
resource "litellm_credential" "openai_cred" {
credential_name = "openai-api-key"
model_id = "gpt-4"
credential_info = {
provider = "openai"
region = "us-east-1"
purpose = "chat-completions"
}
credential_values = {
api_key = var.openai_api_key
org_id = var.openai_org_id
}
}
resource "litellm_credential" "anthropic_cred" {
credential_name = "anthropic-api-key"
credential_info = {
provider = "anthropic"
purpose = "text-generation"
}
credential_values = {
api_key = var.anthropic_api_key
}
}
resource "litellm_credential" "pinecone_cred" {
credential_name = "pinecone-production"
credential_info = {
provider = "pinecone"
environment = "production"
region = "us-east-1"
}
credential_values = {
api_key = var.pinecone_api_key
index_name = "document-embeddings"
}
}
resource "litellm_vector_store" "example" {
vector_store_name = "my-vector-store"
custom_llm_provider = "pinecone"
litellm_credential_name = litellm_credential.pinecone_cred.credential_name
vector_store_description = "Example vector store using Pinecone"
vector_store_metadata = {
environment = "production"
team = "ai-team"
}
}
# AWS Bedrock credential
resource "litellm_credential" "aws_bedrock" {
credential_name = "aws-bedrock-cred"
credential_info = {
provider = "aws"
service = "bedrock"
region = "us-east-1"
}
credential_values = {
aws_access_key_id = var.aws_access_key_id
aws_secret_access_key = var.aws_secret_access_key
aws_region = "us-east-1"
}
}
# Azure OpenAI credential
resource "litellm_credential" "azure_openai" {
credential_name = "azure-openai-cred"
credential_info = {
provider = "azure"
service = "openai"
}
credential_values = {
api_key = var.azure_openai_key
api_base = var.azure_openai_endpoint
api_version = "2023-12-01-preview"
}
}
The following arguments are supported:
credential_name - (Required) Name of the credential. This will be used as the identifier for the credential.credential_values - (Required, Sensitive) Map of sensitive credential values such as API keys, tokens, etc.model_id - (Optional) Model ID associated with this credential.credential_info - (Optional) Map of additional non-sensitive information about the credential.In addition to all arguments above, the following attributes are exported:
credential_name - The name of the credential.Credentials can be imported using their name:
terraform import litellm_credential.example "credential-name"
credential_values field is marked as sensitive and will not be displayed in Terraform output or logs.Sensitive, credential_values is still written in plaintext to the state file. Anyone with read access to the state (or state artifacts such as plan files) can recover the configured secrets. Use an encrypted remote backend with tight access controls, and prefer feeding secrets in via variables sourced from a secret manager rather than hardcoding them in configuration.