dluc
commented
1 month ago can you wrap the token in a Azure.Core.TokenCredential object?
var config = new AzureAISearchConfig { Auth = AzureAISearchConfig.AuthTypes.ManualTokenCredential };
TokenCredential token = new ...;
config.SetCredential(token);
var memory = new KernelMemoryBuilder().WithAzureAISearchMemoryDb(config).Build();or you could use Managed Identities:
var config = new AzureAISearchConfig { Auth = AzureAISearchConfig.AuthTypes.AzureIdentity };
var memory = new KernelMemoryBuilder().WithAzureAISearchMemoryDb(config).Build();If you use a managed identity, you should be able to configure which identity in your deployment, without the need to configure the client/tenant ID/audience in KM:
- create a managed identity in your preferred tenant/cloud
- configure Azure AI Search to allow access from the managed identity
- configure the .NET app container to use the managed identity when connecting to other services, e.g. when connecting to AI Search
- configure KM to use
AzureIdentity(second snippet above)
Context / Scenario
I'm using AI Search as the DataIngestion MemoryDb in AzureUSGovernmentCloud. I'd like to use AzureIdentity auth but I do not see a way to pass the correct token audience to the search client.
What happened?
A token is requested with scope appropriate for commerical, which does not work in gov cloud.
Importance
a fix would make my life easier
Platform, Language, Versions
dotnet
Relevant log output
No response