Skip to content

fix: Replace DefaultAzureCredential with ManagedIdentityCredential for production-safe authentication #1873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Prajwal-Microsoft merged 5 commits into from
Aug 1, 2025
Merged

fix: Replace DefaultAzureCredential with ManagedIdentityCredential for production-safe authentication #1873

Prajwal-Microsoft merged 5 commits into from
Aug 1, 2025

Conversation

@Prasanjeet-Microsoft
Copy link
Contributor

@Prasanjeet-Microsoft Prasanjeet-Microsoft commented Aug 1, 2025

Purpose

This pull request introduces a significant refactor to replace the use of DefaultAzureCredential with a new utility function, get_azure_credential, to dynamically select credentials based on the application environment. Additionally, it includes a minor fix in an environment variable name and adds a new environment variable to .env.sample.

Credential Management Refactor:

  • Replaced DefaultAzureCredential with get_azure_credential in multiple files, including database_factory.py, postgresdbservice.py, azure_blob_storage_client.py, azure_computer_vision_client.py, azure_form_recognizer_helper.py, azure_postgres_helper.py, azure_search_helper.py, env_helper.py, llm_helper.py, and several others. This change ensures that the appropriate credential is selected based on whether the environment is dev or prod. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28]

Utility Function Addition:

  • Added get_azure_credential and get_azure_credential_async functions in azure_credential_utils.py. These functions dynamically select between DefaultAzureCredential and ManagedIdentityCredential based on the APP_ENV environment variable.

Environment Configuration Updates:

  • Added a new APP_ENV variable to .env.sample to specify the application environment (dev or prod). This variable is used to determine the credential type in the new utility functions.
  • Corrected a typo in the environment variable SEMANTIC_KERNEL_SYSTEM_PROMPT in env_helper.py.

These changes improve the flexibility and security of credential management while also addressing a minor issue in the environment configuration.

Does this introduce a breaking change?

  • Yes
  • No

How to Test

  • Get the code
git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install
  • Test the code

What to Check

Verify that the following are valid

  • ...

@Prasanjeet-Microsoft Prasanjeet-Microsoft marked this pull request as ready for review August 1, 2025 13:21
@Prajwal-Microsoft Prajwal-Microsoft merged commit 6c60f1a into Azure-Samples:sfi-cred-change Aug 1, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Prajwal-Microsoft Prajwal-Microsoft Prajwal-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft

@Fr4nc3 Fr4nc3 Awaiting requested review from Fr4nc3

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Prasanjeet-Microsoft @Prajwal-Microsoft