litellm icon indicating copy to clipboard operation
litellm copied to clipboard

Published 20 hours ago verified publisher icon BerriAI

[Bug]: Can not remove API Key from the UI

Open gagarinfan opened this issue 10 months ago • 1 comments

What happened?

Hi!

Docker image: ghcr.io/berriai/litellm-database: main-v1.34.12 While trying to remove the API Key from the UI an error is returned:

Failed to delete key: {"error":{"message":{"error":"Not all keys passed in were deleted. This probably means you don't have access to delete all the keys passed in."},"type":"auth_error","param":"None","code":400}}

Workaround:

  • assuming that the API token is not known and there is no unique non-secret name for the key that one can use for management purposes
  • enable developer options in browser
  • switch to networking tab
  • go to API token you want to remove, click remove
  • check out the message in networking tab. Go to Payload
  • copy the value of keys
  • using CURL or any other tool run
curl -X 'POST' \
  '<YOUR-ENDPOINT>/key/delete' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <UI-admin-password' \
  -H 'Content-Type: application/json' \
  -d '{
  "keys": [
    "12345678910",
  ]
}'

I think you might want to consider having unique non-secret names for the tokens. Currently these are only aliases that can be shared between many API Tokens. From admin perspective, it's difficult to manage API Keys not knowing their values (I don't see a need to know their secret values, esp. if created in some automatic way and shared with different teams or apps). Having unique name for the token will make the management process easier. Please consider that

For example:

| Key Name               | Key Alias  | Secret Key | Other columns |   |
|------------------------|------------|------------|---------------|---|
| my-unique-API-Key-name | some-alias | sk-12...ad | some-data     |   |
|                        |            |            |               |   |

Relevant log output

INFO:     192.168.14.63:55880 - "POST /key/delete HTTP/1.1" 400 Bad Request

Twitter / LinkedIn details

No response

gagarinfan avatar Apr 08 '24 11:04 gagarinfan

Hey @gagarinfan can you please update version and let me know if the issue persists?

krrishdholakia avatar Apr 09 '24 00:04 krrishdholakia

Hi. I can confirm that removing tokens from the UI works in the latest version (currently v1.34.39), however calling openai chat completions API endpoint stopped working 😓

Here is an issue for that -> https://github.com/BerriAI/litellm/issues/2931

And here is the feature request related to my API tokens considerations -> https://github.com/BerriAI/litellm/issues/2932

Since removing API Tokens works in the latest versions and two other topics have been addresses in other issues I think I can close this issue.

gagarinfan avatar Apr 10 '24 12:04 gagarinfan