Share via

Can We Bring Our Own Key to Access Azure AI Services Instead of Using the Microsoft Default Key?

Niket Kumar Singh 390 Reputation points
2024-07-19T15:12:09.9933333+00:00

Hi everyone,

I'm looking into using Azure AI services for our projects, and I have a question regarding encryption keys. Is it possible to bring our own key and use it to access the Azure AI services instead of using the default key provided by Microsoft? If so, what are the steps involved in setting this up? Any guidance or documentation links would be greatly appreciated!
User's image

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,312 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
2,895 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 26,261 Reputation points
    2024-07-21T17:46:15.5433333+00:00

    You can create or Import Your Key in Azure Key Vault:

    • Go to the Azure portal.
    • Navigate to Azure Key Vault.
    • Create a new key vault if you don't already have one.
    • In the key vault, you can either generate a new key or import an existing one.

    Then set Up Access Policies:

    • In your Key Vault, configure the access policies to grant permissions to the necessary Azure AI services.
    • Ensure that the appropriate identities (e.g., service principals, managed identities) have permissions like get, unwrapKey, and wrapKey.

    Then configure Azure AI Service to Use the Key:

    • When setting up your Azure AI service (e.g., Azure Cognitive Services), configure it to use the key stored in Azure Key Vault.
    • During the setup or configuration of the AI service, you will specify the Key Vault URL and the key to be used.

    Check the documentation : https://learn.microsoft.com/en-us/azure/key-vault/keys/byok-specification

  2. James Hamil 25,081 Reputation points Microsoft Employee
    2024-07-23T19:26:45.5733333+00:00

    Hi @Niket Kumar Singh , if you are referring to using OpenAI's GPT API in Azure, you can use the API key provided by OpenAI to access the service. You would need to create an account with OpenAI and obtain an API key, which you can then use to authenticate your requests to the GPT API. You would not be able to replace the SAS key value for OpenAI in Azure, as the SAS key is used to authenticate access to Azure storage accounts, not to OpenAI's services.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.