[Refactor]: Split settings and secrets stores (#8213)

Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>

openhands/server/user_auth/__init__.py

@@ -4,6 +4,8 @@ from pydantic import SecretStr
 from openhands.integrations.provider import PROVIDER_TOKEN_TYPE
 from openhands.integrations.service_types import ProviderType
 from openhands.server.settings import Settings
+from openhands.storage.data_models.user_secrets import UserSecrets
+from openhands.storage.settings.secret_store import SecretsStore
 from openhands.server.user_auth.user_auth import AuthType, get_user_auth
 from openhands.storage.settings.settings_store import SettingsStore
 
@@ -42,6 +44,18 @@ async def get_user_settings(request: Request) -> Settings | None:
     return user_settings
 
 
+async def get_secrets_store(request: Request) -> SecretsStore:
+    user_auth = await get_user_auth(request)
+    secrets_store = await user_auth.get_secrets_store()
+    return secrets_store
+
+
+async def get_user_secrets(request: Request) -> UserSecrets | None:
+    user_auth = await get_user_auth(request)
+    user_secrets = await user_auth.get_user_secrets()
+    return user_secrets
+
+
 async def get_user_settings_store(request: Request) -> SettingsStore | None:
     user_auth = await get_user_auth(request)
     user_settings_store = await user_auth.get_user_settings_store()

openhands/server/user_auth/default_user_auth.py

@@ -7,6 +7,8 @@ from openhands.integrations.provider import PROVIDER_TOKEN_TYPE
 from openhands.server import shared
 from openhands.server.settings import Settings
 from openhands.server.user_auth.user_auth import UserAuth
+from openhands.storage.data_models.user_secrets import UserSecrets
+from openhands.storage.settings.secret_store import SecretsStore
 from openhands.storage.settings.settings_store import SettingsStore
 
 
@@ -16,6 +18,8 @@ class DefaultUserAuth(UserAuth):
 
     _settings: Settings | None = None
     _settings_store: SettingsStore | None = None
+    _secrets_store: SecretsStore | None = None
+    _user_secrets: UserSecrets | None = None
 
     async def get_user_id(self) -> str | None:
         """The default implementation does not support multi tenancy, so user_id is always None"""
@@ -45,9 +49,29 @@ class DefaultUserAuth(UserAuth):
         self._settings = settings
         return settings
 
+    async def get_secrets_store(self):
+        secrets_store = self._secrets_store
+        if secrets_store:
+            return secrets_store
+        user_id = await self.get_user_id()
+        secret_store = await shared.SecretsStoreImpl.get_instance(
+            shared.config, user_id
+        )
+        self._secrets_store = secret_store
+        return secret_store
+
+    async def get_user_secrets(self) -> UserSecrets | None:
+        user_secrets = self._user_secrets
+        if user_secrets:
+            return user_secrets
+        secrets_store = await self.get_secrets_store()
+        user_secrets = await secrets_store.load()
+        self._user_secrets = user_secrets
+        return user_secrets
+
+
     async def get_provider_tokens(self) -> PROVIDER_TOKEN_TYPE | None:
-        settings = await self.get_user_settings()
-        secrets_store = getattr(settings, 'secrets_store', None)
+        secrets_store = await self.get_user_secrets()
         provider_tokens = getattr(secrets_store, 'provider_tokens', None)
         return provider_tokens
 

openhands/server/user_auth/user_auth.py

@@ -9,6 +9,8 @@ from pydantic import SecretStr
 from openhands.integrations.provider import PROVIDER_TOKEN_TYPE
 from openhands.server.settings import Settings
 from openhands.server.shared import server_config
+from openhands.storage.data_models.user_secrets import UserSecrets
+from openhands.storage.settings.secret_store import SecretsStore
 from openhands.storage.settings.settings_store import SettingsStore
 from openhands.utils.import_utils import get_impl
 
@@ -51,6 +53,14 @@ class UserAuth(ABC):
         self._settings = settings
         return settings
 
+    @abstractmethod
+    async def get_secrets_store(self) -> SecretsStore:
+        """Get secrets store"""
+
+    @abstractmethod
+    async def get_user_secrets(self) -> UserSecrets | None:
+        """Get the user's secrets"""
+        
     def get_auth_type(self) -> AuthType | None:
         return None