microsoft / promptflow

Build high-quality LLM apps - from prototyping, testing to production deployment and monitoring.
https://microsoft.github.io/promptflow/
MIT License
9.59k stars 878 forks source link

[Feature Request]: Using Managed Identity (RBAC) instead of basic key autentication for Connections #2102

Open jayendranarumugam opened 9 months ago

jayendranarumugam commented 9 months ago

Is your feature request related to a problem? Please describe. Creating connections like AOAI, Cognitive AI Search using keys and unable to use Managed identity (RBAC).

Describe the solution you'd like If we can create the connection like AOAI, Cogntivie AI Search i.e, Azure native resources to use managed identity instead of basic key will improve the security wise and encourage us to do restrict the automation / infra configurations

brynn-code commented 9 months ago

Hi @jayendranarumugam , thanks for reaching us, we are working on support managed identity for AzureOpenAI Connection in recent days, besides connection itself, our promptflow-tools package also need some changes to let tool use token successfully. I'll update here once AOAI support ready to use. And for the cognitive search connection, we don't have clear plan for supporting it for now, if any updates after we finished AOAI work, I'll update here also.

FreddyAyala commented 8 months ago

Hello @brynn-code just wanted to know if this feature is still being worked on, it is very important for many clients and they are asking to use managed identities. Furthermore this is something missing that should be integrated into AIStudio/Azure ML. So please let me know if you have any news because we have to also put this into visibility of PG. Thank you.

brynn-code commented 8 months ago

Hi @FreddyAyala , yes, we are working on it, currently promptflow-tools are under testing of the newly added auth mode, also AzureML workspace UI. Once we shipped new version of promptflow and promptflow-tools, we will start exposing new auth mode field process for both AzureML workspace UI and vscode extension.

github-actions[bot] commented 7 months ago

Hi, we're sending this friendly reminder because we haven't heard back from you in 30 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 7 days of this comment, the issue will be automatically closed. Thank you!

brynn-code commented 7 months ago

Update: This feature will be generally available at May.

jayendranarumugam commented 7 months ago

Thanks @brynn-code for your response.

And for the cognitive search connection, we don't have clear plan for supporting it for now, if any updates after we finished AOAI work, I'll update here also.

Any comment on this ?

brynn-code commented 7 months ago

Hi, @jayendranarumugam , update for this issue: AOAI managed identity has been supported. We are working on the cognitive search connection, after connection supported managed identity, we still need related tools to update their inner logic to support that, so the process could be long so I can't give an accuracy timeline for it. We are doing the first step now. #3117

github-actions[bot] commented 6 months ago

Hi, we're sending this friendly reminder because we haven't heard back from you in 30 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 7 days of this comment, the issue will be automatically closed. Thank you!

brynn-code commented 6 months ago

Hi, the cognitive AI search connection requires related tools to upgrades their code and they still not do it yet.

github-actions[bot] commented 5 months ago

Hi, we're sending this friendly reminder because we haven't heard back from you in 30 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 7 days of this comment, the issue will be automatically closed. Thank you!

duongthaiha commented 4 months ago

Hi Many customer is also using AI Gateway in API Management to front Azure AOAI. By any chance there is plan to support this scenario as well please? Thank you very much

brynn-code commented 4 months ago

Hi @duongthaiha thanks for the reply, could you please elaborate more about this scenario? For Azure AOAI we supported calling with managed identity now, is there any other supports required for this case? It will be better if a dummy code snippet is available.

ferronsw commented 1 month ago

@brynn-code Do you have an update on the cognitive search connection to support managed identity? Security wise we really want to only allow RBAC roles and no API keys.