* version of key sent

Open vontainment opened this issue 1 year ago • 4 comments

Self Checks

Dify version

0.5.2

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

Create a custom tool

✔️ Expected Behavior

it works

❌ Actual Behavior

The value for the API key is partially ********. Instead of sending the actual key, it sends the c4****************************f7 to the server, so auth fails.

vontainment avatar Jan 26 '24 11:01 vontainment

🤖

Hey @vontainment! Good to see you again. Seems like you've run into another hiccup. No worries, I'm diving into it right now. Hang tight for a detailed response soon.

dosubot[bot] avatar Jan 26 '24 11:01 dosubot[bot]

I think it only does it if you click configure again. If I set the API key again and don't go back to configure, it seems to work unless I click configure.

vontainment avatar Jan 26 '24 11:01 vontainment

Update: if I go in and set the API key again and save and I call a tool function, it works. Then it starts sending the key with ****** in it and it fails until I update the key again.

vontainment avatar Jan 26 '24 12:01 vontainment

🤖

Thank you for providing detailed information about the issue you're experiencing. It seems like the problem is related to the mask_tool_credentials function in the ToolConfiguration class. This function is designed to mask sensitive information in the credentials, such as API keys, by replacing the middle characters with asterisks ('*'). This is typically done for security reasons, to prevent the full API key from being exposed in logs or UI.

However, if this masked version of the API key is being sent to the server instead of the original, unmasked version, it would cause authentication to fail because the server would not be able to recognize the masked API key.

The issue could be happening if the mask_tool_credentials function is being called instead of the decrypt_tool_credentials function when the API key is being sent to the server. The decrypt_tool_credentials function is designed to decrypt the API key using the tenant ID, returning the original, unmasked version of the API key.

Here is the relevant code:

from typing import Any, Dict

# Both functions are methods of the ToolConfiguration class.

def mask_tool_credentials(self, credentials: Dict[str, Any]) -> Dict[str, Any]:
    """
    mask tool credentials

    return a deep copy of credentials with masked values
    """
    credentials = self._deep_copy(credentials)

    # get the fields that need to be masked
    fields = self.provider_controller.get_credentials_schema()
    for field_name, field in fields.items():
        if field.type == ToolProviderCredentials.CredentialsType.SECRET_INPUT:
            if field_name in credentials:
                if len(credentials[field_name]) > 6:
                    # keep the first and last two characters, mask the rest
                    credentials[field_name] = \
                        credentials[field_name][:2] + \
                        '*' * (len(credentials[field_name]) - 4) + \
                        credentials[field_name][-2:]
                else:
                    # short values are masked completely
                    credentials[field_name] = '*' * len(credentials[field_name])

    return credentials

def decrypt_tool_credentials(self, credentials: Dict[str, str]) -> Dict[str, str]:
    """
    decrypt tool credentials with tenant id

    return a deep copy of credentials with decrypted values
    """
    credentials = self._deep_copy(credentials)

    # get the fields that need to be decrypted
    fields = self.provider_controller.get_credentials_schema()
    for field_name, field in fields.items():
        if field.type == ToolProviderCredentials.CredentialsType.SECRET_INPUT:
            if field_name in credentials:
                try:
                    credentials[field_name] = encrypter.decrypt_token(self.tenant_id, credentials[field_name])
                except Exception:
                    # leave the value unchanged if it cannot be decrypted
                    pass

    return credentials

To resolve this issue, ensure that the decrypt_tool_credentials function is being called when the API key is being sent to the server, not the mask_tool_credentials function. You can find this code in the api/core/tools/utils/configration.py file.

As for the process of setting and retrieving the API key in the Dify codebase, the API key is set through a modal form field in the configuration. The key for this field is 'anthropic_api_key'. The user is required to enter their API key in this field, as indicated by the 'required: true' property. The placeholder text for this field is 'Enter your API key here' (in English) or '在此输入您的 API Key' (in Chinese). The API key can be retrieved from the configuration using the key 'anthropic_api_key'. The 'validateKeys' array in the 'modal' object of the configuration includes this key, which suggests that the entered API key is validated before being used. This code can be found in the web/app/components/header/account-setting/model-page/configs/anthropic.tsx file.

I hope this helps! If you have any other questions or need further clarification, please let me know.

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

dosubot[bot] avatar Jan 26 '24 12:01 dosubot[bot]
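
A defensive sketch of the symptom reported in this thread, added here as an example; it is not Dify's code and not the change made in #2288. It assumes the masked value shown in the configure form is what gets posted back on save; `merge_submitted`, `looks_masked` and `require_unmasked` are hypothetical names, and only the masking rule is taken from the snippet quoted above.

```python
from typing import Dict, Set


def mask_secret(value: str) -> str:
    """Masking rule from the snippet quoted above: keep 2 chars at each end."""
    if len(value) > 6:
        return value[:2] + "*" * (len(value) - 4) + value[-2:]
    return "*" * len(value)


def looks_masked(value: str) -> bool:
    """True if value has the shape mask_secret() produces (display-only text)."""
    if not value:
        return False
    if set(value) == {"*"}:
        return True
    return len(value) > 6 and set(value[2:-2]) == {"*"}


def merge_submitted(stored: Dict[str, str], submitted: Dict[str, str],
                    secret_fields: Set[str]) -> Dict[str, str]:
    """Credentials to persist after the configure form is saved.

    A secret field that comes back equal to the mask of the stored secret was
    not retyped by the user, so the stored secret is kept instead.
    """
    merged = dict(submitted)
    for name in secret_fields:
        old = stored.get(name)
        if old is not None and submitted.get(name) == mask_secret(old):
            merged[name] = old
    return merged


def require_unmasked(credentials: Dict[str, str], secret_fields: Set[str]) -> None:
    """Last check before an outbound call: fail loudly, never send a mask."""
    for name in secret_fields:
        if looks_masked(credentials.get(name, "")):
            raise ValueError(f"credential {name!r} is a masked placeholder")


if __name__ == "__main__":
    real = "c4" + "a" * 28 + "f7"               # constructed key, not a real secret
    stored = {"api_key": real}
    form_post = {"api_key": mask_secret(real)}  # what the UI displayed, posted back
    saved = merge_submitted(stored, form_post, {"api_key"})
    require_unmasked(saved, {"api_key"})        # passes: the real key was kept
    print(saved["api_key"] == real)
```

The shape check in `looks_masked` would also reject a genuine secret whose middle is made up entirely of asterisks, which is an accepted trade-off in this sketch.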

Has anyone figured this one out yet?

vontainment avatar Jan 28 '24 22:01 vontainment

> Has anyone figured this one out yet?

Thanks, this problem will be solved soon

Yeuoly avatar Jan 29 '24 02:01 Yeuoly

already solved #2288

Yeuoly avatar Jan 30 '24 11:01 Yeuoly

This did not fix the error

vontainment avatar Jan 30 '24 16:01 vontainment