docs: add get_llm() and get_secrets() to OpenHands Cloud Workspace guide#401
docs: add get_llm() and get_secrets() to OpenHands Cloud Workspace guide#401
Conversation
- Add 'Inheriting SaaS Credentials' section documenting get_llm() and get_secrets() methods for credential inheritance - Add SaaS Credentials example section with the full expandable example - Update page description to mention SaaS credential inheritance Companion SDK PR: OpenHands/software-agent-sdk#2409 Co-authored-by: openhands <openhands@all-hands.dev>
Matches rename in OpenHands/software-agent-sdk#2409. Co-authored-by: openhands <openhands@all-hands.dev>
Co-authored-by: openhands <openhands@all-hands.dev>
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
🔴 Needs improvement - Documentation claims to be auto-synced but doesn't match the actual SDK example file.
|
@OpenHands please fix all issues #401 (review) |
|
I'm on it! xingyaoww can track my progress at all-hands.dev |
- Sync get_llm() call to match actual SDK example (simple call, no kwargs) - Sync else branch prompt to match actual SDK example - Clarify dual auth description with specific header names Co-authored-by: openhands <openhands@all-hands.dev>
|
Looking at the work done, all changes have already been committed and pushed to the remote branch in commit Summary of ChangesAll 3 issues from the PR review (#401 (review)) have been addressed in a single commit ( Changes made to
|
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
🟢 Good taste — Accurate documentation of an elegant feature that eliminates credential complexity.
| You can override any parameter: | ||
|
|
||
| ```python icon="python" | ||
| llm = workspace.get_llm(model="gpt-4o", temperature=0.5) |
There was a problem hiding this comment.
Fantastic job on supporting this override
| llm = workspace.get_llm(model="gpt-4o", temperature=0.5) | ||
| ``` | ||
|
|
||
| Under the hood, `get_llm()` calls `GET /api/v1/users/me?expose_secrets=true` with dual authentication: the Bearer token (from your Cloud API key) in the `Authorization` header and the session key (unique per sandbox) in the `X-Session-API-Key` header. |
There was a problem hiding this comment.
I’m really not sure we should let the agent say “dual auth” when one is sent to the client via the other… 😿
|
|
||
| #### `get_secrets()` | ||
|
|
||
| Builds `LookupSecret` references for your SaaS-configured secrets. Raw values **never transit through the SDK client** — they are resolved lazily by the agent-server inside the sandbox: |
There was a problem hiding this comment.
This is very interesting and cool!
5 participants
Summary
Updates the OpenHands Cloud Workspace documentation to cover the new
get_llm()andget_secrets()methods for SaaS credential inheritance.Changes
sdk/guides/agent-server/cloud-workspace.mdxget_llm()andget_secrets()methods with usage examples and security notesget_llm(): Fetches LLM settings from the user's SaaS account and returns a ready-to-useLLMinstanceget_secrets(): BuildsLookupSecretreferences where raw values never transit through the SDK clientexamples/02_remote_agent_server/10_cloud_workspace_share_credentials.py) showing the simplified flow where onlyOPENHANDS_CLOUD_API_KEYis neededNote: A matching branch
feat/cloud-workspace-get-llm-secretshas also been pushed to this repo so the SDK CI check (check-examples) can find the docs.Companion PR
get_llm()andget_secrets()implementation)