add application level encryption in SQS

docs/my-website/docs/proxy/deploy.md

@@ -788,7 +788,7 @@ docker run --name litellm-proxy \
 ## Platform-specific Guide
 
 <Tabs>
-<TabItem value="AWS ECS" label="AWS ECS - Elastic Container Service>
+<TabItem value="AWS ECS" label="AWS ECS - Elastic Container Service">
 
 ### Terraform-based ECS Deployment
 

docs/my-website/release_notes/v1.78.0-stable/index.md

@@ -40,15 +40,15 @@ import TabItem from '@theme/TabItem';
 docker run \
 -e STORE_MODEL_IN_DB=True \
 -p 4000:4000 \
-ghcr.io/berriai/litellm:v1.78.0.rc.1
+ghcr.io/berriai/litellm:v1.78.0.rc.2
 ```
 
 </TabItem>
 
 <TabItem value="pip" label="Pip">
 
 ``` showLineNumbers title="pip install litellm"
-pip install litellm==1.78.0.rc.1
+pip install litellm==1.78.0.rc.2
 ```
 
 </TabItem>

litellm-proxy-extras/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "litellm-proxy-extras"
-version = "0.2.26"
+version = "0.2.27"
 description = "Additional files for the LiteLLM Proxy. Reduces the size of the main litellm package."
 authors = ["BerriAI"]
 readme = "README.md"
@@ -22,7 +22,7 @@ requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"
 
 [tool.commitizen]
-version = "0.2.26"
+version = "0.2.27"
 version_files = [
     "pyproject.toml:version",
     "../requirements.txt:litellm-proxy-extras==",

litellm/integrations/sqs.py

@@ -7,6 +7,8 @@
 from __future__ import annotations
 
 import asyncio
+import base64
+import json
 import traceback
 from typing import List, Optional
 
@@ -27,31 +29,37 @@
 from litellm.types.utils import StandardLoggingPayload
 
 from .custom_batch_logger import CustomBatchLogger
+from litellm.litellm_core_utils.app_crypto import AppCrypto
 
 
 class SQSLogger(CustomBatchLogger, BaseAWSLLM):
-    """Batching logger that writes logs to an AWS SQS queue."""
+    """Batching logger that writes logs to an AWS SQS queue, optionally encrypting the payload."""
 
     def __init__(
-        self,
-        sqs_queue_url: Optional[str] = None,
-        sqs_region_name: Optional[str] = None,
-        sqs_api_version: Optional[str] = None,
-        sqs_use_ssl: bool = True,
-        sqs_verify: Optional[bool] = None,
-        sqs_endpoint_url: Optional[str] = None,
-        sqs_aws_access_key_id: Optional[str] = None,
-        sqs_aws_secret_access_key: Optional[str] = None,
-        sqs_aws_session_token: Optional[str] = None,
-        sqs_aws_session_name: Optional[str] = None,
-        sqs_aws_profile_name: Optional[str] = None,
-        sqs_aws_role_name: Optional[str] = None,
-        sqs_aws_web_identity_token: Optional[str] = None,
-        sqs_aws_sts_endpoint: Optional[str] = None,
-        sqs_flush_interval: Optional[int] = DEFAULT_SQS_FLUSH_INTERVAL_SECONDS,
-        sqs_batch_size: Optional[int] = DEFAULT_SQS_BATCH_SIZE,
-        sqs_config=None,
-        **kwargs,
+            self,
+            # --- Standard SQS params ---
+            sqs_queue_url: Optional[str] = None,
+            sqs_region_name: Optional[str] = None,
+            sqs_api_version: Optional[str] = None,
+            sqs_use_ssl: bool = True,
+            sqs_verify: Optional[bool] = None,
+            sqs_endpoint_url: Optional[str] = None,
+            sqs_aws_access_key_id: Optional[str] = None,
+            sqs_aws_secret_access_key: Optional[str] = None,
+            sqs_aws_session_token: Optional[str] = None,
+            sqs_aws_session_name: Optional[str] = None,
+            sqs_aws_profile_name: Optional[str] = None,
+            sqs_aws_role_name: Optional[str] = None,
+            sqs_aws_web_identity_token: Optional[str] = None,
+            sqs_aws_sts_endpoint: Optional[str] = None,
+            sqs_flush_interval: Optional[int] = DEFAULT_SQS_FLUSH_INTERVAL_SECONDS,
+            sqs_batch_size: Optional[int] = DEFAULT_SQS_BATCH_SIZE,
+            sqs_config=None,
+            # --- 🔐 Application-level encryption params ---
+            sqs_aws_use_application_level_encryption: bool = False,
+            sqs_app_encryption_key_b64: Optional[str] = None,
+            sqs_app_encryption_aad: Optional[str] = None,
+            **kwargs,
     ) -> None:
         try:
             verbose_logger.debug(
@@ -77,7 +85,11 @@ def __init__(
                 sqs_aws_role_name=sqs_aws_role_name,
                 sqs_aws_web_identity_token=sqs_aws_web_identity_token,
                 sqs_aws_sts_endpoint=sqs_aws_sts_endpoint,
+                sqs_aws_use_application_level_encryption=sqs_aws_use_application_level_encryption,
+                sqs_app_encryption_key_b64=sqs_app_encryption_key_b64,
+                sqs_app_encryption_aad=sqs_app_encryption_aad,
                 sqs_config=sqs_config,
+                **kwargs,
             )
 
             asyncio.create_task(self.periodic_flush())
@@ -95,7 +107,6 @@ def __init__(
             )
 
             self.log_queue: List[StandardLoggingPayload] = []
-
             BaseAWSLLM.__init__(self)
 
         except Exception as e:
@@ -118,6 +129,9 @@ def _init_sqs_params(
         sqs_aws_role_name: Optional[str] = None,
         sqs_aws_web_identity_token: Optional[str] = None,
         sqs_aws_sts_endpoint: Optional[str] = None,
+        sqs_aws_use_application_level_encryption: bool = False,
+        sqs_app_encryption_key_b64: Optional[str] = None,
+        sqs_app_encryption_aad: Optional[str] = None,
         sqs_config=None,
     ) -> None:
         litellm.aws_sqs_callback_params = litellm.aws_sqs_callback_params or {}
@@ -179,6 +193,27 @@ def _init_sqs_params(
             litellm.aws_sqs_callback_params.get("sqs_aws_sts_endpoint") or sqs_aws_sts_endpoint
         )
 
+        self.sqs_aws_use_application_level_encryption = (
+                litellm.aws_sqs_callback_params.get("sqs_aws_use_application_level_encryption", False)
+                or sqs_aws_use_application_level_encryption
+        )
+        self.sqs_app_encryption_key_b64 = (
+                litellm.aws_sqs_callback_params.get("sqs_app_encryption_key_b64")
+                or sqs_app_encryption_key_b64
+        )
+        self.sqs_app_encryption_aad = (
+                litellm.aws_sqs_callback_params.get("sqs_app_encryption_aad")
+                or sqs_app_encryption_aad
+        )
+        self.app_crypto: Optional[AppCrypto] = None
+        if self.sqs_aws_use_application_level_encryption:
+            if not self.sqs_app_encryption_key_b64:
+                raise ValueError("sqs_app_encryption_key_b64 is required when encryption is enabled.")
+            key = base64.b64decode(self.sqs_app_encryption_key_b64)
+            self.app_crypto = AppCrypto(key)
+            verbose_logger.debug(
+                "SQSLogger: Application-level encryption enabled."
+            )
         self.sqs_config = litellm.aws_sqs_callback_params.get("sqs_config") or sqs_config
 
     async def async_log_success_event(
@@ -256,11 +291,21 @@ async def async_send_message(self, payload: StandardLoggingPayload) -> None:
             if self.sqs_queue_url is None:
                 raise ValueError("sqs_queue_url not set")
 
-            json_string = safe_dumps(payload)
+            json_data = json.loads(safe_dumps(payload))
+            if self.app_crypto:
+                aad_bytes = (
+                    self.sqs_app_encryption_aad.encode("utf-8")
+                    if self.sqs_app_encryption_aad
+                    else None
+                )
+                encrypted = self.app_crypto.encrypt_json(json_data, aad=aad_bytes)
+                json_string = json.dumps({"__encrypted__": True, "payload": encrypted})
+            else:
+                json_string = safe_dumps(payload)
 
             body = (
-                f"Action={SQS_SEND_MESSAGE_ACTION}&Version={SQS_API_VERSION}&MessageBody="
-                + quote(json_string, safe="")
+                    f"Action={SQS_SEND_MESSAGE_ACTION}&Version={SQS_API_VERSION}&MessageBody="
+                    + quote(json_string, safe="")
             )
 
             headers = {

litellm/litellm_core_utils/app_crypto.py

@@ -0,0 +1,31 @@
+import base64
+import json
+import os
+
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+class AppCrypto:
+    def __init__(self, master_key: bytes):
+        if len(master_key) != 32:
+            raise ValueError("Master key must be 32 bytes for AES-256-GCM")
+        self.key = master_key
+
+    def encrypt_json(self, data: dict, aad: bytes | None = None) -> dict:
+        aes = AESGCM(self.key)
+        nonce = os.urandom(12)
+        plaintext = json.dumps(data).encode("utf-8")
+        ct = aes.encrypt(nonce, plaintext, aad)
+        ciphertext, tag = ct[:-16], ct[-16:]
+        return {
+            "nonce": base64.b64encode(nonce).decode(),
+            "ciphertext": base64.b64encode(ciphertext).decode(),
+            "tag": base64.b64encode(tag).decode(),
+        }
+
+    def decrypt_json(self, enc: dict, aad: bytes | None = None) -> dict:
+        aes = AESGCM(self.key)
+        nonce = base64.b64decode(enc["nonce"])
+        ct = base64.b64decode(enc["ciphertext"])
+        tag = base64.b64decode(enc["tag"])
+        data = aes.decrypt(nonce, ct + tag, aad)
+        return json.loads(data.decode())

litellm/proxy/_types.py

@@ -377,6 +377,7 @@ class LiteLLMRoutes(enum.Enum):
     llm_api_routes = (
         openai_routes
         + anthropic_routes
+        + google_routes
         + mapped_pass_through_routes
         + passthrough_routes_wildcard
         + apply_guardrail_routes