Share via

ML Studio: Environment and Dependency Management Challenges

Arturo Sánchez Pineda 17 Reputation points
2025-06-19T08:38:56.8333333+00:00

Hi team,

This is another ticket connected to our usage of Azure ML Studio workspaces

Other in this series:

So, this ticket refers to another feedback case by our engineers:

  • Issue Description:
    • Difficulty accessing private pip repositories via Personal Access Tokens (PAT) when building environments using custom Dockerfiles.
    Lack of a documented and secure way to leverage secrets stored in Azure ML connections within Docker build processes.
  • Suggested Solutions:
    • Document and enable secure access to Azure ML-stored secrets during custom Docker environment builds.
    • Improve integration between Azure DevOps Artifacts and Azure ML environment-building workflows.

As usual, thank you for your feedback and help.

Arturo

Azure Machine Learning
Azure Machine Learning
An Azure machine learning service for building and deploying models.
3,332 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Prashanth Veeragoni 4,930 Reputation points Microsoft External Staff Moderator
    2025-06-19T10:59:20.83+00:00

    Hi Arturo Sánchez Pineda,

    Thank you for raising this issue and providing detailed context.

    We understand that you're facing difficulty securely accessing private pip repositories (e.g., Azure DevOps Artifacts) via PAT during custom Docker builds in Azure ML Studio.

    Since Docker builds happen in isolated environments, Azure ML connections/secrets (including Key Vault and managed identities) are not available by default at build time. To resolve this:

    Recommended Approach:

    ·   Store your PAT token in Azure Key Vault.

    ·   Use Azure DevOps Pipelines to inject this secret into the Docker build as a build argument (--build-arg).

    ·   Modify your Dockerfile to read this argument and install private packages accordingly.

    Alternate Options:

    ·   Use multi-stage Docker builds and inject secrets later via environment variables during runtime in Azure ML.

    ·   Explore using Managed Identity if supported by Azure DevOps Artifacts.

    We also acknowledge your feedback on improving documentation and tighter integration between Azure ML and Azure DevOps for such workflows and will share this feedback to the product team.

    Please refer below documents for better understanding:

    Secret injection in online endpoints (preview)

    Building custom Docker images for training and deployment

    Leverage private packages when training and deploying models

    Hope this helps.

    Thank you!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.