From 7a6ab3870fba0cc38ecb7c76a85bb814fa9d17c7 Mon Sep 17 00:00:00 2001 From: Yuneng Jiang Date: Sat, 25 Apr 2026 11:57:11 -0700 Subject: [PATCH 1/2] [Fix] bind RAG ingestion config to stored credential values When a vector_store config references a stored credential by name, overwrite caller-supplied values on the same keys with the credential values, and drop api_base from the resolved config when the credential does not define one. Keeps the api_key / api_base pair consistent with the credential definition. --- litellm/rag/ingestion/base_ingestion.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/litellm/rag/ingestion/base_ingestion.py b/litellm/rag/ingestion/base_ingestion.py index 6a4eb89d0f..46b4b3d956 100644 --- a/litellm/rag/ingestion/base_ingestion.py +++ b/litellm/rag/ingestion/base_ingestion.py @@ -71,7 +71,10 @@ class BaseRAGIngestion(ABC): Load credentials from litellm_credential_name if provided in vector_store config. This allows users to specify a credential name in the vector_store config - which will be resolved from litellm.credential_list. + which will be resolved from litellm.credential_list. When a stored + credential is used, its values take precedence over caller-supplied + equivalents so the api_key / api_base pair stays consistent with the + credential definition. """ from litellm.litellm_core_utils.credential_accessor import CredentialAccessor @@ -80,10 +83,13 @@ class BaseRAGIngestion(ABC): credential_values = CredentialAccessor.get_credential_values( credential_name ) - # Merge credentials into vector_store_config (don't overwrite existing values) for key, value in credential_values.items(): - if key not in self.vector_store_config: - self.vector_store_config[key] = value + self.vector_store_config[key] = value + if ( + "api_base" in self.vector_store_config + and "api_base" not in credential_values + ): + del self.vector_store_config["api_base"] @property def custom_llm_provider(self) -> str: From 0b9a7044b7e719f43ea43956aec61d0f6e62a2fd Mon Sep 17 00:00:00 2001 From: Yuneng Jiang Date: Sat, 25 Apr 2026 13:02:09 -0700 Subject: [PATCH 2/2] fix: leave vector_store_config untouched when credential lookup misses When litellm_credential_name resolves to no values (name not registered in litellm.credential_list), bail out before touching the resolved config. Prevents stripping a caller-supplied api_base in the no-match case. --- litellm/rag/ingestion/base_ingestion.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/litellm/rag/ingestion/base_ingestion.py b/litellm/rag/ingestion/base_ingestion.py index 46b4b3d956..1317c557d6 100644 --- a/litellm/rag/ingestion/base_ingestion.py +++ b/litellm/rag/ingestion/base_ingestion.py @@ -83,6 +83,8 @@ class BaseRAGIngestion(ABC): credential_values = CredentialAccessor.get_credential_values( credential_name ) + if not credential_values: + return for key, value in credential_values.items(): self.vector_store_config[key] = value if (