Keyless authentication to Azure OpenAI for Java

  • 3 minutes

In keyless authentication to Azure OpenAI for Java, you use Azure's managed identities or service principals to authenticate instead of hardcoding API keys or other credentials. This is done through the DefaultAzureCredential or ManagedIdentityCredential class, which provides a secure and streamlined way to obtain tokens needed for authenticating Azure services. Here's how it works in practice:

  1. Set Up Azure Environment: Ensure your Azure environment is configured correctly with managed identities or service principals.

  2. Initialize Credentials: Use the DefaultAzureCredential class or ManagedIdentityCredential class from the Azure SDK for Java to handle the authentication process seamlessly.

Here is an example code snippet:

import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.ai.openai.OpenAIClient;
import com.azure.ai.openai.models.CompletionsOptions;
import com.azure.ai.openai.models.Completions;
public class AzureOpenAIExample {
public static void main(String[] args) {

// Initialize credentials for System Managed Identity

DefaultAzureCredential credential = new DefaultAzureCredentialBuilder().build();

// Initalize credentials for User Managed Identity
// Use this code if not using System Managed Identity
// DefaultAzureCredential credential = new DefaultAzureCredentialBuilder()
//    .managedIdentityClientId("\<USER_MANAGED_IDENTITY_CLIENT_ID>")
//    .build();

// Create client instance

OpenAIClient client = new OpenAIClientBuilder()
    .endpoint("YOUR_AZURE_ENDPOINT")
    .credential(credential)
    .buildClient();

// Make API call

CompletionsOptions options = new CompletionsOptions()
    .setPrompt("Once upon a time")
    .setMaxTokens(5);

Completions response = client.getCompletions("YOUR_DEPLOYMENT_ID", options);

// Print response

System.out.println(response.getChoices().get(0).getText());
}
}

Once you have configured the code:

  1. Create Client Instance: Instantiate your OpenAIClient with the endpoint and the credentials obtained from the DefaultAzureCredential.

  2. Make API Calls: Use the client to interact with Azure OpenAI services securely, without explicitly handling sensitive credentials.