Home Arrow Icon Knowledge base Arrow Icon Global Arrow Icon Can you provide examples of using HashiCorp Vault with OpenAI API keys


Can you provide examples of using HashiCorp Vault with OpenAI API keys


Yes, you can use HashiCorp Vault to manage OpenAI API keys securely. Here are some examples:

Creating a Key in HashiCorp Vault

bash
# Create a new key
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"type": "rsa-2048"}' \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key

Listing Keys

bash
# List all existing keys
curl \
  --header "X-Vault-Token: ..." \
  --request LIST \
  https://127.0.0.1:8200/v1/keymgmt/key

Updating a Key

bash
# Update a key
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"min_enabled_version": 0, "deletion_allowed": true}' \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key

Reading a Key

bash
# Get information about a named key
curl \
  --header "X-Vault-Token: ..." \
  --request GET \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key

Using the Key with OpenAI

python
import requests

# Set the API key
api_key = "example-key"

# Use the key to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {api_key}"},
    json={"prompt": "Hello, World!"}
)

Storing the Key Securely

python
import os
import secrets

# Generate a random token
token = secrets.token_urlsafe(16)

# Store the token securely
os.environ["OPENAI_API_KEY"] = token

# Use the token to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={"prompt": "Hello, World!"}
)

Managing Access to the Key

python
# Create a new policy
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"policies": ["example-policy"]}' \
  https://127.0.0.1:8200/v1/auth/token/create

# Assign the policy to a user
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"policies": ["example-policy"]}' \
  https://127.0.0.1:8200/v1/auth/user/example-user

Rotating the Key

python
# Rotate the key
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"min_enabled_version": 0, "deletion_allowed": true}' \
  https://127.0.0.1:8200/v1/keymgmt/key/example-key

# Update the API key
os.environ["OPENAI_API_KEY"] = "new-key"

Using a Token Server

python
# Create a new token server
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"type": "rsa-2048"}' \
  https://127.0.0.1:8200/v1/tokenmgmt/token/example-token

# Use the token server to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={"prompt": "Hello, World!"}
)

Using a Gateway Service

python
# Create a new gateway service
curl \
  --header "X-Vault-Token: ..." \
  --request POST \
  --data '{"type": "rsa-2048"}' \
  https://127.0.0.1:8200/v1/gatewaymgmt/gateway/example-gateway

# Use the gateway service to make an OpenAI API call
response = requests.post(
    "https://api.openai.com/v1/engines/text-davinci-003",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={"prompt": "Hello, World!"}
)

These examples demonstrate how to create, manage, and use OpenAI API keys securely with HashiCorp Vault.

Citations:
[1] https://developer.hashicorp.com/vault/api-docs/secret/key-management
[2] https://developer.hashicorp.com/vault/api-docs/system/internal-specs-openapi
[3] https://addepto.com/blog/what-is-an-openai-api-and-how-to-use-it/
[4] https://docs.gitguardian.com/secrets-detection/secrets-detection-engine/detectors/specifics/hashicorp_vault_token
[5] https://www.slideshare.net/slideshow/hashicorp-vault-open-source-secrets-management-at-open18/101315518