All-Hands-AI / OpenHands

🙌 OpenHands: Code Less, Make More
https://all-hands.dev
MIT License

Add Integration with Google Cloud Run and Secret Manager API for Persistent and Secure Deployment #5202

Closed AhmedProab closed 3 days ago

AhmedProab commented 3 days ago

What problem or use case are you trying to solve?

I want to deploy OpenHands on Google Cloud Run for persistent and scalable operation. Additionally, I want to securely manage sensitive configuration data like API keys using Google Secret Manager API, avoiding hardcoding sensitive data in the codebase.

Describe the UX of the solution you'd like:

Add a deployment configuration or template for Google Cloud Run within the project.

Introduce support for Google Secret Manager API to manage sensitive data such as API keys and environment variables.

Allow seamless integration of Secret Manager in the configurations of OpenHands for managing API keys and credentials securely.

Do you have thoughts on the technical implementation?

Cloud Run Integration: Provide a Docker-based deployment template optimized for Cloud Run. Add instructions in the documentation for deploying OpenHands to Google Cloud Run.

Secret Manager API: Add support for fetching secrets dynamically at runtime using Google Secret Manager API. Example use case: gcloud secrets versions access --secret=.

Describe alternatives you've considered:

Using manual environment variable management, which can lead to security risks and is less efficient for large-scale deployments.

Setting up separate configurations for secrets, but integrating Google Secret Manager API provides better scalability and security.

Additional context:

This feature aligns with OpenHands' goal of providing a seamless and secure user experience for developers. Adding Cloud Run and Secret Manager integration will make it easier for users to deploy and scale OpenHands while maintaining robust security for sensitive data.

enyst commented 3 days ago

Hi there! We are using liteLLM SDK to support providers like Google. In my understanding, liteLLM does support Google secret manager API, but you need to use the litellm proxy, and configure it there, then use it from the SDK (OpenHands uses the SDK).

Please see this and let us know if it helps: https://docs.litellm.ai/docs/secret#google-key-management-service

neubig commented 3 days ago

And to be honest I don't think that deploying OpenHands on Google Cloud Run is in scope of the things we want to do in this repo... We're trying to build something that is cloud architecture agnostic. If there are any barriers to deploying on GCP we're happy to try to reduce them of course, but I'm going to close this as not planned for now.