Migrate credentials to Azure Key Vault (#3681)

Stanislav Novosad
2025-10-10 10:10:18 -06:00
committed by GitHub
parent c3ce5b1952
commit 32e6aed8ce
12 changed files with 438 additions and 52 deletions


@@ -13,7 +13,9 @@ from skyvern.forge.sdk.artifact.storage.s3 import S3Storage
from skyvern.forge.sdk.cache.factory import CacheFactory
from skyvern.forge.sdk.db.client import AgentDB
from skyvern.forge.sdk.experimentation.providers import BaseExperimentationProvider, NoOpExperimentationProvider
from skyvern.forge.sdk.schemas.credentials import CredentialVaultType
from skyvern.forge.sdk.schemas.organizations import Organization
from skyvern.forge.sdk.services.credential.azure_credential_vault_service import AzureCredentialVaultService
from skyvern.forge.sdk.services.credential.bitwarden_credential_service import BitwardenCredentialVaultService
from skyvern.forge.sdk.services.credential.credential_vault_service import CredentialVaultService
from skyvern.forge.sdk.settings_manager import SettingsManager
@@ -96,7 +98,20 @@ WORKFLOW_CONTEXT_MANAGER = WorkflowContextManager()
WORKFLOW_SERVICE = WorkflowService()
AGENT_FUNCTION = AgentFunction()
PERSISTENT_SESSIONS_MANAGER = PersistentSessionsManager(database=DATABASE)
CREDENTIAL_VAULT_SERVICE: CredentialVaultService = BitwardenCredentialVaultService()
BITWARDEN_CREDENTIAL_VAULT_SERVICE: BitwardenCredentialVaultService = BitwardenCredentialVaultService()
AZURE_CREDENTIAL_VAULT_SERVICE: AzureCredentialVaultService | None = None
if SettingsManager.get_settings().AZURE_CREDENTIAL_VAULT:
AZURE_CREDENTIAL_VAULT_SERVICE = AzureCredentialVaultService(
tenant_id=SettingsManager.get_settings().AZURE_TENANT_ID, # type: ignore
client_id=SettingsManager.get_settings().AZURE_CLIENT_ID, # type: ignore
client_secret=SettingsManager.get_settings().AZURE_CLIENT_SECRET, # type: ignore
vault_name=SettingsManager.get_settings().AZURE_CREDENTIAL_VAULT, # type: ignore
)
CREDENTIAL_VAULT_SERVICES: dict[str, CredentialVaultService | None] = {
CredentialVaultType.BITWARDEN: BITWARDEN_CREDENTIAL_VAULT_SERVICE,
CredentialVaultType.AZURE_VAULT: AZURE_CREDENTIAL_VAULT_SERVICE,
}
scrape_exclude: ScrapeExcludeFunc | None = None
authentication_function: Callable[[str], Awaitable[Organization]] | None = None
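Review bot: The guard `if SettingsManager.get_settings().AZURE_CREDENTIAL_VAULT:` checks only the vault name, while `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` are passed through under `# type: ignore`. If the constructor does require strings, as the ignores suggest, a deployment that sets the vault name but omits one of the other three would build the service with `None` and presumably fail only on the first credential operation. Reading the settings once and validating all four before construction would remove the ignores and surface the misconfiguration at startup, e.g. `settings = SettingsManager.get_settings()` followed by `if settings.AZURE_CREDENTIAL_VAULT and not all((settings.AZURE_TENANT_ID, settings.AZURE_CLIENT_ID, settings.AZURE_CLIENT_SECRET)): raise ValueError("AZURE_CREDENTIAL_VAULT is set but the Azure tenant/client settings are incomplete")`; the message should name the missing settings and never include their values. Separately, `CREDENTIAL_VAULT_SERVICES` stores `None` under `CredentialVaultType.AZURE_VAULT` when Azure is not configured, so every lookup site needs an explicit `None` check with a clear error rather than an attribute error on a credential path; those callers are outside this hunk. A comment on the dict such as `# value is None when that vault backend is not configured` would record this.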