-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for managed identity #190
Comments
This would be invaluable for my client that is very security conscious! Zero Trust right.... alongside private networking as it becomes available. The intent is that either using |
This should be incredibly easy to implement btw as there is already other apps using MSI method when there is no API key specified: @bp.before_app_serving
async def configure_openai():
openai.api_base = os.getenv("AZURE_OPENAI_ENDPOINT")
openai.api_version = "2023-03-15-preview"
if os.getenv("AZURE_OPENAI_KEY"):
openai.api_type = "azure"
openai.api_key = os.getenv("AZURE_OPENAI_KEY")
else:
openai.api_type = "azure_ad"
if client_id := os.getenv("AZURE_OPENAI_CLIENT_ID"):
default_credential = azure.identity.aio.ManagedIdentityCredential(client_id=client_id)
else:
default_credential = azure.identity.aio.DefaultAzureCredential(exclude_shared_token_cache_credential=True)
token = await default_credential.get_token("https://cognitiveservices.azure.com/.default")
openai.api_key = token.token |
I think MSI authentication for app -> openAI is in place (see code. I couldn't find anything similar for access of AI Search though in the code. |
It would be great to allow access via managed identity instead of API keys in environment variables which is considered a bad security practice
The text was updated successfully, but these errors were encountered: