Benefits of using a managed identity for Azure OpenAI

  • 4 minutes

When employing a Managed Identity, you need to specify the client ID of the user-managed identity when creating an instance of the DefaultAzureCredential or ManagedIdentityCredential class in your JavaScript application. The client ID value is established as an environment variable $AZURE_CLIENT_ID when the Managed Identity is set up.

At first glance, it might seem that this is the only vital piece of information required for the connection, aside from the endpoint URL.

import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
import { AzureOpenAI } from "openai";

// set environment variable AZURE_CLIENT_ID
const credential = new DefaultAzureCredential();
const scope = "https://cognitiveservices.azure.com/.default";
const azureADTokenProvider = getBearerTokenProvider(credential, scope);

const endpoint = process.env["AZURE_OPENAI_ENDPOINT"] || "<endpoint>";
const deployment = "<your Azure OpenAI deployment name>";
const apiVersion = "2024-05-01-preview";
const options = { azureADTokenProvider, deployment, apiVersion, endpoint }

const client = new AzureOpenAI(options);

Let's evaluate the impact of a leaked client ID versus a leaked API key.

An API key functions similarly to a regular password. If it's compromised, anyone with the key can access the resource. For Azure OpenAI, this means unrestricted use of AI models like GPT-4. If the network is publicly accessible, the security impact could be even greater.

Conversely, if the client ID is leaked, the risks are minimal. This is because the client ID alone can't establish a connection to Azure OpenAI. To utilize a Managed Identity, the service must be operating on Azure and even if Azure OpenAI is public, you can't connect from a local environment or across a network using an application.

Additionally, the following role assignment is configured for the Managed Identity:

az role assignment create --assignee $USER_MANAGED_ID_PRINCIPAL_ID \
--scope $OPEN_AI_RESOURCE_ID \
--role "Cognitive Services OpenAI User"

This configures the actions can be performed using this user ID (more on this later in the module). Here, the Cognitive Services OpenAI User role is assigned for Azure OpenAI services, limiting permissions to operations within Azure OpenAI.

In summary, compared to the ramifications of a leaked API key, exploiting a leaked client ID involves several steps, making it harder for malicious actors to exploit. For these reasons, Managed Identities offer a safer method to manage operations compared to API keys. It's recommended in the strongest possible terms that you use Managed Identity over API keys when authenticating to Azure OpenAI, or any other Azure service that supports Managed Identity.