TaskWeaver icon indicating copy to clipboard operation
TaskWeaver copied to clipboard
verified publisher icon microsoft

Transitioning from OpenAI API Keys to Azure Managed Identity (MSI) – Issues with Taskweaver Expecting API Keys in Multiple Processes

Open bsavocad opened this issue 1 year ago • 3 comments

Hello,

I'm currently in the process of transitioning my application from using OpenAI API keys to Azure Managed Service Identity (MSI) for enhanced security and credential management. However, I'm encountering several issues with Taskweaver, mainly because it expects an API key in multiple processes.

Issues Encountered:

  • API Key Dependency: Taskweaver seems to require an explicit OpenAI API key across various processes, and there doesn't appear to be an out-of-the-box way to configure it to use Azure MSI for authentication.
  • Multiple Process Configuration: The need to supply the API key in multiple places makes the transition to MSI challenging, as MSI abstracts away the need for explicit keys.

Questions:

  • Has anyone successfully configured Taskweaver to work with Azure MSI instead of traditional API keys?
  • Are there any guidelines or best practices available for integrating Taskweaver with Azure MSI?
  • Can anyone share their findings or experiences in setting this up?

What I've Tried So Far:

  • Configuration Attempts: I've attempted to modify the Taskweaver configuration to leverage MSI, but I keep running into authentication issues.
  • Documentation Review: I've reviewed the Taskweaver documentation and existing GitHub issues but haven't found relevant information regarding MSI integration.
  • Community Search: Searched online forums and communities for insights but haven't found a solution.

Additional Information:

  • Error Messages: Happy to provide specific error logs if needed.
  • Code Samples: Can share snippets of how I've attempted to configure MSI with Taskweaver.

Request:

Any assistance or guidance on how to overcome these issues would be greatly appreciated. If MSI integration isn't currently supported, are there any workarounds or plans to support this in the future?

Thank you for your help!

bsavocad avatar Sep 13 '24 19:09 bsavocad

We support using Entra authentication when using Azure OpenAI on Azure services. Maybe you can check the related instructions in this doc to configure access Azure OpenAI with managed identity.

Jack-Q avatar Sep 14 '24 04:09 Jack-Q

unfortunately, i have not been able to solve this problem even though i followed the documentation to the letter. i keep getting errors like ValueError: Config value llm.azure_ad.aad_client_secret is not found, when variables like these shouldn't be hardcoded but should auto-execute with DefaultAzureCredential by defining my managed_identity_client_id and my default_credential for my token_provider. have you heard of similar issues? it's quite frustrating!

bsavocad avatar Sep 16 '24 19:09 bsavocad

Please be sure the use the latest version of code from the repo. If the error still occurs, could you share your configuration and the detailed error message here?

Jack-Q avatar Sep 19 '24 09:09 Jack-Q

The solution we found involves creating a function to generate the token and including it in the OpenAI.py file. This way, we are able to execute the token generation remotely without needing the presence of an API key. If you have any questions, feel free to reach out to us.

bsavocad avatar Oct 22 '24 19:10 bsavocad