Azure AI Foundry Agent Unable to Use Credentials Stored in Key Vault Through Playwright MCP Tool #401
Unanswered
vaibhav01062003
asked this question in
Ask Me Anything (AMA)
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello everyone,
I am trying to understand how Azure AI Foundry agents interact with Azure Key Vault when using custom MCP tools, and I would appreciate any guidance from the community.
My Setup
Created an Azure AI Foundry agent.
Created an Azure Key Vault and configured all permissions according to Microsoft's official documentation.
Stored the required website credentials (username and password) in the Key Vault.
Deployed the official Playwright MCP Docker image.
Exposed the MCP server using ngrok and verified that the endpoint is accessible.
Connected the MCP endpoint as a Custom MCP Tool in Azure AI Foundry.
Performed all configuration through the Azure portal, Foundry UI, and Playground only (no SDK or custom application code involved).
The Issue
The agent can access and use the Playwright MCP tool. However, when I ask it to log in to a website using credentials that are already stored in Key Vault, it does not populate the username and password fields.
My expectation was that the agent would be able to retrieve the secrets from Key Vault and provide them to the Playwright tool during execution.
Questions
Is there currently a supported mechanism for Azure AI Foundry agents to automatically retrieve Key Vault secrets and pass them to a Custom MCP tool?
Does the official Playwright MCP Docker image have any built-in integration with Azure Key Vault for retrieving secrets?
When using only the Foundry UI / Playground (without SDK code), can a Foundry agent securely inject Key Vault secrets into MCP tool calls?
Are additional configurations required beyond Key Vault permissions, managed identities, and agent connections?
Has anyone successfully implemented a similar setup where a Foundry agent retrieves credentials from Key Vault and uses them to perform browser automation through Playwright MCP?
Architecture Guidance
I would also appreciate clarification on the recommended architecture for this scenario.
Is the expected approach to retrieve Key Vault secrets through custom code (SDK) and then pass them to the MCP tool?
Can this be achieved entirely through Foundry UI / Playground without writing any code?
If both approaches are possible, which is the recommended and production-ready approach?
Is there a best practice for securely sharing credentials between Azure AI Foundry agents and MCP tools?
Additional Question
From an implementation perspective, which approach is currently the most reliable and efficient?
Using Azure AI Foundry SDK / Agent SDK to retrieve Key Vault secrets and inject them into tool calls programmatically.
Using Foundry Playground / UI-only configuration with custom MCP tools.
Using Azure Functions, Logic Apps, or another intermediary service that retrieves secrets from Key Vault and exposes them to the agent through a custom tool.
Any clarification on the expected architecture, current platform limitations, and recommended production approach would be greatly appreciated.
Thank you.
Beta Was this translation helpful? Give feedback.
All reactions