You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This pull request introduces support for Managed Identities in the Azure Chat Solution Accelerator, enhancing security and simplifying secret management. Key changes include updates to documentation, infrastructure templates, and deployment configurations.
Documentation Updates:
Added a new section on using Managed Identities for the Azure Chat Solution Accelerator, detailing security advantages, services using Managed Identities, and deployment instructions. (docs/10.managed-identities.md)
Infrastructure Updates:
Introduced a new parameter disableLocalAuth in infra/main.bicep to toggle authentication by key, enforcing RBAC using Managed Identities. (infra/main.bicep) [1][2]
Updated infra/main.json to include the disableLocalAuth parameter and its usage across various Azure services configurations. (infra/main.json) [1][2][3][4][5][6][7][8][9][10]
Deployment Configuration:
Modified the deployment instructions to ensure the parameter disableLocalAuth is set to true for using Managed Identities and updated environment variables accordingly. (infra/main.json) [1][2]
These changes collectively enhance the security posture of the Azure Chat deployment by leveraging Managed Identities, while also simplifying secret management and access control.
Hey there @thivy@davidxw ,
I've spent the last few days adding a new feature that enables the use of managed identities with the accelerator, except for Azure Speech, which I couldn't get to work reliably with managed identities and TypeScript.
As you might know, the FSI initiative is locking down tenants and enforcing the use of managed identities for internal tenants, particularly for CosmosDB. This change broke our solution, so I took the time to modify the infrastructure code and application services to support managed identities. This enhancement allows us to eliminate the risks associated with key sharing and deploy the solution in locked-down tenants.
Please take a look when you have a chance. I've conducted extensive testing to ensure everything works correctly.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces support for Managed Identities in the Azure Chat Solution Accelerator, enhancing security and simplifying secret management. Key changes include updates to documentation, infrastructure templates, and deployment configurations.
Documentation Updates:
docs/10.managed-identities.md)Infrastructure Updates:
disableLocalAuthininfra/main.bicepto toggle authentication by key, enforcing RBAC using Managed Identities. (infra/main.bicep) [1] [2]infra/main.jsonto include thedisableLocalAuthparameter and its usage across various Azure services configurations. (infra/main.json) [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]Deployment Configuration:
disableLocalAuthis set totruefor using Managed Identities and updated environment variables accordingly. (infra/main.json) [1] [2]These changes collectively enhance the security posture of the Azure Chat deployment by leveraging Managed Identities, while also simplifying secret management and access control.