Open FreddyAyala opened 1 month ago
Hey there @thivy @davidxw, I've spent the last few days adding a new feature that enables the use of managed identities with the accelerator, except for Azure Speech, which I couldn't get to work reliably with managed identities and TypeScript. As you might know, the FSI initiative is locking down tenants and enforcing the use of managed identities for internal tenants, particularly for CosmosDB. This change broke our solution, so I took the time to modify the infrastructure code and application services to support managed identities. This enhancement allows us to eliminate the risks associated with key sharing and deploy the solution in locked-down tenants. Please take a look when you have a chance. I've conducted extensive testing to ensure everything works correctly.
Hi, any updates on this? I would really like to use this solution with managed identities.
Thank you in advance.
This pull request introduces support for Managed Identities in the Azure Chat Solution Accelerator, enhancing security and simplifying secret management. Key changes include updates to documentation, infrastructure templates, and deployment configurations.
Documentation Updates:
- (docs/10.managed-identities.md)

Infrastructure Updates:
- disableLocalAuth in infra/main.bicep to toggle authentication by key, enforcing RBAC using Managed Identities. (infra/main.bicep)
- infra/main.json to include the disableLocalAuth parameter and its usage across various Azure services configurations. (infra/main.json)

Deployment Configuration:
- disableLocalAuth is set to true for using Managed Identities and updated environment variables accordingly. (infra/main.json)

These changes collectively enhance the security posture of the Azure Chat deployment by leveraging Managed Identities, while also simplifying secret management and access control.
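
A reviewer-side check for the disableLocalAuth toggle described above, as an added example that is not code from this pull request or the accelerator: it scans a compiled ARM template for resources that still accept key-based authentication. The function names and the sample template are hypothetical, and it assumes a flat template with a top-level resources array (nested module deployments are not walked).

```javascript
// Resource types whose ARM schema exposes properties.disableLocalAuth.
const LOCAL_AUTH_TYPES = new Set([
  "Microsoft.DocumentDB/databaseAccounts",
  "Microsoft.CognitiveServices/accounts",
  "Microsoft.Search/searchServices",
]);

// Resolve a literal or a simple "[parameters('name')]" expression.
// Anything more complex yields undefined so it is reported, not assumed safe.
function resolveValue(value, template, overrides) {
  if (typeof value !== "string") return value;
  const m = /^\[parameters\('([^']+)'\)\]$/.exec(value.trim());
  if (!m) return undefined;
  if (m[1] in overrides) return overrides[m[1]];
  const decl = (template.parameters || {})[m[1]];
  return decl ? decl.defaultValue : undefined;
}

// Return one finding per resource where key authentication is not provably off.
function findLocalAuthEnabled(template, overrides = {}) {
  const findings = [];
  for (const res of template.resources || []) {
    if (!LOCAL_AUTH_TYPES.has(res.type)) continue;
    const raw = (res.properties || {}).disableLocalAuth;
    // An absent property means the service default applies: keys stay enabled.
    const resolved = raw === undefined ? false : resolveValue(raw, template, overrides);
    if (resolved === true) continue;
    const reason = raw === undefined ? "disableLocalAuth not set"
      : resolved === undefined ? "unresolved expression"
      : "disableLocalAuth is false";
    findings.push({ type: res.type, name: res.name, reason });
  }
  return findings;
}

// Constructed sample template, not the project's infra/main.json.
const sampleTemplate = {
  parameters: { disableLocalAuth: { type: "bool", defaultValue: false } },
  resources: [
    { type: "Microsoft.DocumentDB/databaseAccounts", name: "cosmos-sample",
      properties: { disableLocalAuth: "[parameters('disableLocalAuth')]" } },
    { type: "Microsoft.Search/searchServices", name: "search-sample", properties: {} },
    { type: "Microsoft.Web/sites", name: "web-sample", properties: {} },
  ],
};

console.log(findLocalAuthEnabled(sampleTemplate));
console.log(findLocalAuthEnabled(sampleTemplate, { disableLocalAuth: true }));
```

With the parameter overridden to true, the only remaining finding in the sample is the resource that never references the parameter, which is the case a template-wide toggle can miss.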