Yes, you're absolutely on the right track by using Azure Key Vault for secure key management. While Azure OpenAI does not natively support automatic key rotation out of the box (as of now), you can automate the rotation of OpenAI keys using Azure automation tools such as Azure Functions, Logic Apps, and Key Vault in combination. Here's a detailed explanation and strategy to achieve this:
Azure provides two OpenAI keys per resource for redundancy. You can rotate them manually via the Azure portal, but to automate the rotation and store them securely in Key Vault, you'll need to implement a custom automation flow.
Step 1: Use Azure CLI or REST API to Regenerate the OpenAI Key
Azure supports regenerating OpenAI resource keys using REST APIs:
You can choose to regenerate either:
{
"keyName": "Key1" // or "Key2"
}
You must authenticate using a service principal or managed identity that has the appropriate RBAC role (e.g., Cognitive Services Contributor).
Step 2: Store the Rotated Key in Azure Key Vault
After the key is regenerated, you can:
· Use Azure CLI
· Or use Azure SDK for Python/PowerShell/Node.js
· To update the key in Azure Key Vault:
az keyvault secret set --vault-name "YourKeyVaultName" --name "OpenAI-Key1" --value "new-key-value"
Step 3: Automate Using Azure Function or Logic App
You can set up an Azure Function (Python) or Logic App that:
· Triggers periodically (e.g., every 30 days)
· Calls the REST API to rotate the selected key
· Stores the new key value in Key Vault
· Optionally logs the rotation event (Log Analytics, Email, etc.)
Step 4: Using Managed Identity for Secure Automation
Assign a Managed Identity to your automation service (Azure Function or Logic App) and grant:
· Key Vault Secrets Officer role to update secrets
· Cognitive Services Contributor role to regenerate keys
Hope this helps, do let me know if you have any queries.
Thank you!
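The four steps above describe one rotation cycle; the part they leave implicit is which of the two keys to regenerate, because regenerating the key that clients are currently reading from Key Vault breaks them until they refresh. Below is an added Python example (not code from the original answer or from Microsoft) of the orchestration logic an Azure Function would run on its timer trigger: it regenerates the key that is not in use, publishes the new value, and flips an "active key" pointer, so the key that was in use stays valid until the next run. The secret names (OpenAI-ApiKey, OpenAI-ActiveKeyName) and the account/store interfaces are assumptions; the two in-memory fakes are constructed so the logic runs offline, and the commented build_azure_clients function shows how the same interfaces would be backed by the azure-mgmt-cognitiveservices and azure-keyvault-secrets SDKs (assumed call signatures).

```python
"""Staggered two-key rotation for an Azure OpenAI (Cognitive Services) resource.

Added example. The real resource exposes Key1 and Key2; each run regenerates
the one clients are NOT using, then points clients at it. The previously
active key keeps working until the following run, giving clients a full
rotation interval to pick up the new value from Key Vault.
"""
from dataclasses import dataclass
from typing import Optional, Protocol

KEY_NAMES = ("Key1", "Key2")
API_KEY_SECRET = "OpenAI-ApiKey"              # assumed: value clients read
ACTIVE_POINTER_SECRET = "OpenAI-ActiveKeyName"  # assumed: holds "Key1"/"Key2"


class KeyRegenerator(Protocol):
    def regenerate(self, key_name: str) -> str: ...


class SecretStore(Protocol):
    def get(self, name: str) -> Optional[str]: ...
    def set(self, name: str, value: str) -> None: ...


@dataclass(frozen=True)
class RotationResult:
    previous_active: str
    now_active: str
    new_value: str


def other_key(key_name: str) -> str:
    if key_name not in KEY_NAMES:
        raise ValueError(f"unknown key name {key_name!r}")
    return "Key2" if key_name == "Key1" else "Key1"


def rotate_inactive_key(account: KeyRegenerator, store: SecretStore) -> RotationResult:
    """One timer-triggered run: regenerate the unused key and make it active."""
    active = store.get(ACTIVE_POINTER_SECRET) or "Key1"   # first run: assume Key1 in use
    target = other_key(active)
    old_value = store.get(API_KEY_SECRET)

    new_value = account.regenerate(target)
    if not new_value or new_value == old_value:
        # Defensive: never publish an empty or unchanged value as "rotated".
        raise RuntimeError("regeneration did not return a fresh key value")

    # Publish value first, then flip the pointer, so a reader that sees the
    # new pointer always finds the matching value already in place.
    store.set(API_KEY_SECRET, new_value)
    store.set(ACTIVE_POINTER_SECRET, target)
    return RotationResult(previous_active=active, now_active=target, new_value=new_value)


# ---- constructed fakes so the flow runs offline -----------------------------

class FakeCognitiveServicesAccount:
    """Stands in for the regenerateKey REST call; values are constructed."""
    def __init__(self) -> None:
        self.keys = {"Key1": "key1-initial", "Key2": "key2-initial"}
        self._gen = 0

    def regenerate(self, key_name: str) -> str:
        if key_name not in KEY_NAMES:
            raise ValueError(key_name)
        self._gen += 1
        self.keys[key_name] = f"{key_name.lower()}-gen{self._gen}"
        return self.keys[key_name]


class InMemorySecretStore:
    """Stands in for Key Vault; keeps only the latest value per secret."""
    def __init__(self) -> None:
        self._secrets: dict[str, str] = {}

    def get(self, name: str) -> Optional[str]:
        return self._secrets.get(name)

    def set(self, name: str, value: str) -> None:
        self._secrets[name] = value


def build_azure_clients(subscription_id: str, resource_group: str,
                        account_name: str, vault_url: str):
    """Wiring for the real services (assumed SDK signatures; not run offline).

    Uses the Function's managed identity via DefaultAzureCredential, which
    needs Cognitive Services Contributor on the account and Key Vault Secrets
    Officer on the vault, as the answer above states.
    """
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    from azure.mgmt.cognitiveservices import CognitiveServicesManagementClient
    from azure.mgmt.cognitiveservices.models import RegenerateKeyParameters

    cred = DefaultAzureCredential()
    mgmt = CognitiveServicesManagementClient(cred, subscription_id)
    vault = SecretClient(vault_url=vault_url, credential=cred)

    class AccountAdapter:
        def regenerate(self, key_name: str) -> str:
            keys = mgmt.accounts.regenerate_key(
                resource_group, account_name, RegenerateKeyParameters(key_name=key_name))
            return keys.key1 if key_name == "Key1" else keys.key2

    class VaultAdapter:
        def get(self, name: str) -> Optional[str]:
            try:
                return vault.get_secret(name).value
            except Exception:  # secret not yet created on first run
                return None

        def set(self, name: str, value: str) -> None:
            vault.set_secret(name, value)

    return AccountAdapter(), VaultAdapter()


if __name__ == "__main__":
    acct, kv = FakeCognitiveServicesAccount(), InMemorySecretStore()
    for _ in range(3):
        print(rotate_inactive_key(acct, kv))
```

Run it as-is to watch the pointer alternate Key2, Key1, Key2 across three simulated rotations; note that after the second run the "key1-initial" value (what clients used before the first run) has been invalidated, while the value clients were pointed at by the first run remained valid throughout the second.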