We are planning to do the Azure OpenAI key rotation automatically. How can we achieve this? Do we have a Terraform resource for this?

resource "azurerm_cognitive_account" "example" {
  name                = "xxxxx"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  kind                = "OpenAI"
  sku_name            = "S0"
}

Firstly, there is no direct resource present for the OpenAI key rotation in Terraform. Following a workaround for the requirement, I found the below approach to make it work.
As I mentioned in the comments, use the azurerm_cognitive_account resource from Terraform by providing kind as "OpenAI" as shown.
I tried creating a new OpenAI account with the below code and the deployment was successful.

provider "azurerm" {
  features {}
}

data "azurerm_resource_group" "example" {
  name = "DefaultResourceGroup-EUS"
}

resource "azurerm_cognitive_account" "example" {
  name                = "examplesample"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  kind                = "OpenAI"
  sku_name            = "S0"
}

Once it is done, you need to retrieve the keys from the external path. To do that, use a data "external" block.
How to use it: Reference
Sample data block shown below:

data "external" "keys" {
  program = ["sh", "/path/retrieve_sshkey.sh"]
}

Now refer to this in the main.tf Terraform resource with a null_resource block by passing the OpenAI resource id under the triggers block, and add a provisioner as well.

resource "null_resource" "samplerotation" {
  triggers = {
    open_ai_resource_id = azurerm_cognitive_account.example.id
  }

  provisioner "remote-exec" {
    //write a powershell script here and refer the above keys data block here
  }
}

Alternatively, you can also follow another approach with the help of Key Vault. Store all the keys in the key vault and apply the key rotation from there itself.
To do so, refer to the Terraform code from SO, and for the CLI approach refer to the GitHub doc.
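
The Key Vault approach above, sketched as a script that a provisioner or scheduled job could call (an added example, not code from the original answer): it regenerates whichever of the account's two keys is not currently published and stores the new value in Key Vault. The vault name, secret name and `activeKey` tag are assumptions; the account and resource group names are the ones used in the answer's code.

```bash
#!/bin/sh
# Added example, not from the original answer: alternate-key rotation for an
# Azure OpenAI (Cognitive Services) account, publishing the fresh key to Key Vault.
# Assumed names: VAULT, SECRET and the "activeKey" tag are hypothetical.
set -eu

ACCOUNT="${ACCOUNT:-examplesample}"        # account name from the answer's code
RG="${RG:-DefaultResourceGroup-EUS}"       # resource group from the answer's code
VAULT="${VAULT:-example-kv}"               # hypothetical Key Vault name
SECRET="${SECRET:-openai-api-key}"         # hypothetical secret name

# The account has two keys. Regenerate the one consumers are NOT reading, so
# the key currently published in Key Vault keeps working until the swap.
next_key() {
  case "$1" in
    key1|""|None) echo key2 ;;   # no tag yet: assume callers use key1
    key2)         echo key1 ;;
    *) echo "unexpected activeKey tag: $1" >&2; return 1 ;;
  esac
}

rotate() {
  active="$(az keyvault secret show --vault-name "$VAULT" --name "$SECRET" \
              --query tags.activeKey -o tsv 2>/dev/null || true)"
  target="$(next_key "$active")"

  # Capture only the regenerated key; it is never echoed or logged.
  new_key="$(az cognitiveservices account keys regenerate --name "$ACCOUNT" \
               --resource-group "$RG" --key-name "$target" \
               --query "$target" -o tsv)"

  # Hand the key to az through a 0600 temp file: --value would expose it in
  # the process argument list.
  umask 077
  tmp="$(mktemp)"
  trap 'rm -f "$tmp"' EXIT
  printf '%s' "$new_key" > "$tmp"
  unset new_key
  az keyvault secret set --vault-name "$VAULT" --name "$SECRET" \
     --file "$tmp" --encoding utf-8 --tags "activeKey=$target" --output none
  rm -f "$tmp"
  echo "regenerated $target and published it to $VAULT/$SECRET"
}

# Run only when asked, e.g. from a provisioner: sh rotate_openai_key.sh rotate
if [ "${1:-}" = "rotate" ]; then rotate; fi
```

The previously published key stays valid until the next run regenerates it, which gives consumers one rotation interval to pick up the new secret version from Key Vault.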