Multi-level secrets management plugin for ElizaOS with encryption and dynamic plugin activation
Project description
ElizaOS Plugin - Secrets Manager (Python)
Multi-level secrets management plugin for ElizaOS with encryption, validation, and dynamic plugin activation.
Features
- Multi-level storage: Global (agent-wide), World (server/channel), and User (per-user) secrets
- Strong encryption: AES-256-GCM encryption with secure key derivation
- Validation: Built-in validators for common API keys (OpenAI, Anthropic, Groq, etc.)
- Dynamic activation: Plugins can be activated once their required secrets are available
- Access logging: Track who accessed what secrets and when
- Natural language: Set and manage secrets via natural language commands
Installation
pip install elizaos-plugin-secrets-manager
Quick Start
from elizaos_plugin_secrets_manager import secrets_manager_plugin, SecretsService
# Register the plugin with your runtime
runtime.register_plugin(secrets_manager_plugin)
# Or use the service directly
service = SecretsService(runtime)
await service.start()
# Set a global secret
await service.set_global("OPENAI_API_KEY", "sk-...")
# Get the secret
value = await service.get_global("OPENAI_API_KEY")
Secret Levels
Global Secrets
Agent-wide secrets like API keys that apply across all interactions.
await service.set_global("OPENAI_API_KEY", "sk-...")
value = await service.get_global("OPENAI_API_KEY")
World Secrets
Server/channel-specific secrets for multi-tenant scenarios.
await service.set_world("ADMIN_TOKEN", "token-...", world_id="discord-server-123")
value = await service.get_world("ADMIN_TOKEN", world_id="discord-server-123")
User Secrets
Per-user secrets for personalized configurations.
await service.set_user("WALLET_ADDRESS", "0x...", user_id="user-123")
value = await service.get_user("WALLET_ADDRESS", user_id="user-123")
Validation
Built-in validators ensure API keys match expected formats:
from elizaos_plugin_secrets_manager import validate_secret
result = await validate_secret("OPENAI_API_KEY", "sk-abc123...", "openai")
if result.is_valid:
print("Valid OpenAI key!")
else:
print(f"Invalid: {result.error}")
Supported validators:
openai- OpenAI API keys (sk-...)anthropic- Anthropic API keys (sk-ant-...)groq- Groq API keys (gsk_...)google/gemini- Google API keysdiscord- Discord bot tokenstelegram- Telegram bot tokensgithub- GitHub tokensurl- URL validation
Plugin Activation
Register plugins that depend on secrets:
from elizaos_plugin_secrets_manager import PluginActivatorService, PluginWithSecrets, PluginSecretRequirement
activator = PluginActivatorService(runtime)
# Define requirements
requirements = {
"OPENAI_API_KEY": PluginSecretRequirement(
key="OPENAI_API_KEY",
description="OpenAI API key for completions",
required=True,
validation_method="openai"
)
}
# Register plugin for activation
plugin_with_secrets = PluginWithSecrets(
plugin=my_plugin,
secret_requirements=requirements,
on_secrets_ready=my_activation_callback
)
await activator.register_plugin(plugin_with_secrets)
Actions
The plugin provides natural language actions:
SET_SECRET
Set a secret via natural language:
"Set my OpenAI key to sk-abc123xyz"
MANAGE_SECRET
Manage secrets:
"List all my secrets" "Delete my GROQ_API_KEY" "Is ANTHROPIC_API_KEY configured?"
Encryption
All secrets are encrypted by default using AES-256-GCM:
from elizaos_plugin_secrets_manager import KeyManager, encrypt, decrypt
# Key derivation
key_manager = KeyManager()
key_manager.initialize_from_agent_id("agent-123", "salt")
# Encrypt
encrypted = key_manager.encrypt("my secret")
# Decrypt
plaintext = key_manager.decrypt(encrypted)
Development
# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Type checking
mypy elizaos_plugin_secrets_manager
# Linting
ruff check elizaos_plugin_secrets_manager
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file elizaos_plugin_secrets_manager-2.0.0a4.tar.gz.
File metadata
- Download URL: elizaos_plugin_secrets_manager-2.0.0a4.tar.gz
- Upload date:
- Size: 47.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2dcf90b56580308b7c3c0d60a725dde92c02eb62a62bc0ec2a764d0706ea4f2b
|
|
| MD5 |
ee6fcef0b9febab222b18a7b0319de4c
|
|
| BLAKE2b-256 |
a3130f3cfb9c96f9f11e513c62b0d06dce04ad8a38420d46369525709640413f
|
File details
Details for the file elizaos_plugin_secrets_manager-2.0.0a4-py3-none-any.whl.
File metadata
- Download URL: elizaos_plugin_secrets_manager-2.0.0a4-py3-none-any.whl
- Upload date:
- Size: 52.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c01475cb23281ca0778f7e214a85d04614af1aacaafb1adb4b18283e81e1ae34
|
|
| MD5 |
fe75a5c37a27b8ab10912c939ac93040
|
|
| BLAKE2b-256 |
ad83e0884bf8be43008c58be6c11fe966daef57bf730813e7c22e00b6b7636be
|
