Skip to content

vLLM Authentication Proposal#631

Open
sats-23 wants to merge 1 commit intoIBM:mainfrom
sats-23:securevLLM
Open

vLLM Authentication Proposal#631
sats-23 wants to merge 1 commit intoIBM:mainfrom
sats-23:securevLLM

Conversation

@sats-23
Copy link
Copy Markdown
Contributor

@sats-23 sats-23 commented Apr 17, 2026
edited
Loading

@sats-23
vLLM Authentication Proposal
1495172 
Signed-off-by: Sathvik <Sathvik.S@ibm.com>
mkumatag
mkumatag reviewed Apr 17, 2026
View reviewed changes
Comment thread docs/proposals/vllm_authentication.md

**Key Generation & Deployment Flow**:
```
1. Generate Keys (if authEnabled=true and keys empty)
Copy link
Copy Markdown
Member

@mkumatag mkumatag Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we expect the user to supply the key manually if not just just don't set? and store the key in the secret so that we can use that wherever required!

Copy link
Copy Markdown
Contributor Author

@sats-23 sats-23 Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If my understanding is right, are you suggesting,
We keep auth disabled by default and if the user provides the key, we use that key, else keep auth disabled?

Copy link
Copy Markdown
Member

@mkumatag mkumatag Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, that is what I'm thinking.. or can we even have a default password! I'm just trying to avoid any extra logic required for generating anything(this will become application/service specific logic which I want to avoid), let me know if you any different approach.

Copy link
Copy Markdown
Contributor

@manju956 manju956 Apr 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its not a good practice to keep authN disabled by default. We can have some default vllm auth keys for each vllm service.

manju956
manju956 reviewed Apr 19, 2026
View reviewed changes
Comment thread docs/proposals/vllm_authentication.md
authEnabled: true # Default: true (authentication enabled)

instruct:
apiKey: "" # Auto-generated if authEnabled=true and empty
Copy link
Copy Markdown
Contributor

@manju956 manju956 Apr 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we keep these keys in base64 encoded format just to avoid storing the keys in plain text?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manju956 manju956 manju956 left review comments

@mkumatag mkumatag mkumatag left review comments

@dharaneeshvrd dharaneeshvrd Awaiting requested review from dharaneeshvrd

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sats-23 @manju956 @mkumatag