Allow passing API key in code at runtime for LiteModel

[arivuforge]

Problem

Currently, the LiteModel class in graphrag_sdk.models.litellm only accepts API keys via environment variables. In scenarios where users decrypt or obtain the API key securely at runtime, there is no supported way to provide the API key directly from code. This makes secure workflows (using a secret manager or KMS, for example) unnecessarily difficult.

Proposed solution

• Add support for passing API keys via code at runtime (e.g., new constructor arg api_keys: Optional[dict]).
• On initialization, LiteModel should set the given environment variables just before validation, and optionally clear them after use, to avoid persisting secrets longer than needed.
• Add a convenience method to clear the injected API keys from os.environ.
• Preserve current behavior for environment variable configs for backward compatibility.

Example usage

from graphrag_sdk.models.litellm import LiteModel
api_key = decrypt_secret(encrypted_value)  # Decrypt at runtime
model = LiteModel(model_name="openai/gpt-4.1", api_keys={"OPENAI_API_KEY": api_key})
# ... use model ...
model.clear_api_keys()  # Remove from process env

Security notes

• Do not log the API key.
• This approach does not persist secrets in code or source control.
• Developers are responsible for clearing the API key from the environment promptly.

[galshubeli]

@arivuforge thanks, we will update it.

[arivuforge]

@galshubeli Thanks. I forked and tested the functionality it is working for me in local. But test cases were failing. Adding the changed github link here for your reference.

Forked Commit Link: arivuforge@f2a10cf