Back to Litellm

generated by https://github.com/hashicorp/terraform-plugin-docs

terraform/provider/docs/resources/credential.md

1.93.0-dev.13.8 KB
Original Source

litellm_credential (Resource)

Manages a LiteLLM credential for storing sensitive authentication information. Credentials can be used to securely store API keys, tokens, and other sensitive data that can be referenced by models and vector stores.

Example Usage

Basic OpenAI Credential

terraform
resource "litellm_credential" "openai_cred" {
  credential_name = "openai-api-key"
  model_id        = "gpt-4"
  
  credential_info = {
    provider = "openai"
    region   = "us-east-1"
    purpose  = "chat-completions"
  }
  
  credential_values = {
    api_key = var.openai_api_key
    org_id  = var.openai_org_id
  }
}

Anthropic Credential

terraform
resource "litellm_credential" "anthropic_cred" {
  credential_name = "anthropic-api-key"
  
  credential_info = {
    provider = "anthropic"
    purpose  = "text-generation"
  }
  
  credential_values = {
    api_key = var.anthropic_api_key
  }
}

Pinecone Vector Store Credential

terraform
resource "litellm_credential" "pinecone_cred" {
  credential_name = "pinecone-production"
  
  credential_info = {
    provider    = "pinecone"
    environment = "production"
    region      = "us-east-1"
  }
  
  credential_values = {
    api_key    = var.pinecone_api_key
    index_name = "document-embeddings"
  }
}

Using Credentials with Vector Store

terraform
resource "litellm_vector_store" "example" {
  vector_store_name        = "my-vector-store"
  custom_llm_provider      = "pinecone"
  litellm_credential_name  = litellm_credential.pinecone_cred.credential_name
  
  vector_store_description = "Example vector store using Pinecone"
  
  vector_store_metadata = {
    environment = "production"
    team        = "ai-team"
  }
}

Multiple Provider Credentials

terraform
# AWS Bedrock credential
resource "litellm_credential" "aws_bedrock" {
  credential_name = "aws-bedrock-cred"
  
  credential_info = {
    provider = "aws"
    service  = "bedrock"
    region   = "us-east-1"
  }
  
  credential_values = {
    aws_access_key_id     = var.aws_access_key_id
    aws_secret_access_key = var.aws_secret_access_key
    aws_region            = "us-east-1"
  }
}

# Azure OpenAI credential
resource "litellm_credential" "azure_openai" {
  credential_name = "azure-openai-cred"
  
  credential_info = {
    provider = "azure"
    service  = "openai"
  }
  
  credential_values = {
    api_key      = var.azure_openai_key
    api_base     = var.azure_openai_endpoint
    api_version  = "2023-12-01-preview"
  }
}

Argument Reference

The following arguments are supported:

  • credential_name - (Required) Name of the credential. This will be used as the identifier for the credential.
  • credential_values - (Required, Sensitive) Map of sensitive credential values such as API keys, tokens, etc.
  • model_id - (Optional) Model ID associated with this credential.
  • credential_info - (Optional) Map of additional non-sensitive information about the credential.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • credential_name - The name of the credential.

Import

Credentials can be imported using their name:

shell
terraform import litellm_credential.example "credential-name"

Security Considerations

  • The credential_values field is marked as sensitive and will not be displayed in Terraform output or logs.
  • Credential values are not read back from the API for security reasons, so they are preserved in the Terraform state.
  • Like every Terraform attribute marked Sensitive, credential_values is still written in plaintext to the state file. Anyone with read access to the state (or state artifacts such as plan files) can recover the configured secrets. Use an encrypted remote backend with tight access controls, and prefer feeding secrets in via variables sourced from a secret manager rather than hardcoding them in configuration.