Yes, you can use HashiCorp Vault to manage OpenAI API keys securely. Here are some examples:
Creating a Key in HashiCorp Vault
```bash
# Create a new key
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"type": "rsa-2048"}' \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key
```
Listing Keys
```bash
# List all existing keys
curl \
  --header "X-Vault-Token: ..." \
  --request LIST \
  https://127.0.0.1:8200/v1/keymgmt/key
```
Updating a Key
```bash
# Update a key
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"min_enabled_version": 0, "deletion_allowed": true}' \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key
```
Reading a Key
```bash
# Get information about a named key
curl \
  --header "X-Vault-Token: ..." \
  --request GET \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key
```
Using the Key with OpenAI
```python
import requests

# Set the API key ("example-key" is a placeholder, not a key issued by OpenAI)
api_key = "example-key"

# Use the key to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {api_key}"},
    json={"prompt": "Hello, World!"},
    timeout=30,  # requests has no default timeout
)
```
Storing the Key Securely
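```python
import os
import secrets

import requests

# Generate a random token (a placeholder value: it is not a key issued by
# OpenAI, so the call below is rejected until a real key is supplied)
token = secrets.token_urlsafe(16)

# Store the token in this process's environment
os.environ["OPENAI_API_KEY"] = token

# Use the token to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={"prompt": "Hello, World!"},
    timeout=30,  # requests has no default timeout
)
```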
Managing Access to the Key
```bash
# Create a token that carries example-policy
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"policies": ["example-policy"]}' \
  https://127.0.0.1:8200/v1/auth/token/create

# Assign the policy to a user
# (assumes the userpass auth method is mounted at auth/userpass and
# example-user already exists)
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"token_policies": ["example-policy"]}' \
  https://127.0.0.1:8200/v1/auth/userpass/users/example-user
```
Rotating the Key
```bash
# Rotate the key (creates a new version of the named key)
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key/rotate
```

```python
import os

# Update the API key ("new-key" is a placeholder for the replacement key)
os.environ["OPENAI_API_KEY"] = "new-key"
```
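The "Storing the Key Securely" and "Rotating the Key" steps above, as an added example that is not part of the original page: it reads the key from Vault at run time instead of hard-coding it, and returns the secret's version so a caller can notice a rotation. It assumes the OpenAI key is stored as the field `api_key` in a KV version 2 secrets engine mounted at `secret/` under the path `openai`; those names, the helper functions and the sample response are assumptions.

```python
import json
import urllib.request

# Constructed sample of a KV v2 read response (not real data).
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "data": {"api_key": "sk-constructed-example"},
        "metadata": {"version": 3},
    }
}).encode()


def http_get(url, headers, timeout=5):
    """Default transport: HTTPS GET with certificate verification left on."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def read_openai_key(vault_addr, vault_token, mount="secret", path="openai",
                    field="api_key", transport=http_get):
    """Return (key, version) from a KV v2 secret, or raise if it is unusable."""
    if not vault_addr.startswith("https://"):
        raise ValueError("refusing to send a Vault token over plaintext HTTP")
    # KV v2 reads go through <mount>/data/<path>.
    url = f"{vault_addr.rstrip('/')}/v1/{mount}/data/{path}"
    body = json.loads(transport(url, {"X-Vault-Token": vault_token}))
    secret = body.get("data") or {}          # missing or null: no usable secret
    key = (secret.get("data") or {}).get(field)
    if not key:
        raise LookupError(f"field {field!r} missing from {mount}/{path}")
    version = (secret.get("metadata") or {}).get("version")
    return key, version


def auth_header(key):
    """Build the Authorization header for the OpenAI request."""
    return {"Authorization": f"Bearer {key}"}


def redact(key):
    """Log-safe form of a key: only the last four characters survive."""
    return "*" * 8 + key[-4:]
```

Comparing the returned version with the one seen on the previous read tells a long-running client that the key was rotated and any cached copy should be replaced.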
Using a Token Server
```bash
# Create a new token server
# (tokenmgmt/ is not a default Vault mount; this request assumes an engine
# mounted at that path)
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"type": "rsa-2048"}' \
  https://127.0.0.1:8200/v1/tokenmgmt/token/example-token
```

```python
import os

import requests

# Use the token server to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={"prompt": "Hello, World!"},
    timeout=30,  # requests has no default timeout
)
```
Using a Gateway Service
```bash
# Create a new gateway service
# (gatewaymgmt/ is not a default Vault mount; this request assumes an engine
# mounted at that path)
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"type": "rsa-2048"}' \
  https://127.0.0.1:8200/v1/gatewaymgmt/gateway/example-gateway
```

```python
import os

import requests

# Use the gateway service to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={"prompt": "Hello, World!"},
    timeout=30,  # requests has no default timeout
)
```
These examples demonstrate how to create, manage, and use OpenAI API keys securely with HashiCorp Vault.