Using Azure openAI key rotation automation

题意:使用 Azure OpenAI 密钥轮换自动化

问题背景:

We are planning to do the Azure OpenAI key rotation automatically. How can we achieve this? Do we have terraform resource for this.

我们计划自动执行 Azure OpenAI 密钥轮换。我们如何实现这一点?是否有相应的 Terraform 资源可用?

python 复制代码
resource "azurerm_cognitive_account" "example" {
  name                = "xxxxx"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  kind                = "OpenAI"

  sku_name = "S0"
}

问题解决:

Firstly, there is no direct resource present for the Open AI key rotation in terraform. Following a workaround on the requirement, I found below approach to make it work.

首先,Terraform 中没有直接用于 OpenAI 密钥轮换的资源。针对这一需求,我找到了一种可行的替代方法,具体如下。

As I mentioned in the comments, use azurerm_cognitive_account resource from terraform by providing kind as an "OpenAI" as shown.

正如我在评论中提到的,可以使用 Terraform 中的 azurerm_cognitive_account 资源,并将 kind 设置为 OpenAI,如图所示。

I tried creating a new open AI account with the below code and the deployment was successful.

我尝试使用以下代码创建一个新的 OpenAI 帐户,部署成功。

python 复制代码
provider  "azurerm"{
  features{}
}
data  "azurerm_resource_group"  "example"  {
    name = "DefaultResourceGroup-EUS"
}
resource  "azurerm_cognitive_account"  "example"  {
    name = "examplesample"
    location = data.azurerm_resource_group.example.location
    resource_group_name = data.azurerm_resource_group.example.name
    kind = "OpenAI"
sku_name = "S0"
}
}

Once it is done, you need to retrieve the keys from the external path. To do that, use data "external" block.

完成后,你需要从外部路径检索密钥。为此,可以使用 data "external" 块。

How to use it: Reference

Sample data block shown below:

示例数据块如下所示:

python 复制代码
data "external" "keys" {
  program = ["sh", "/path/retrieve_sshkey.sh"]
}

Now refer this in the main.tf terraform resource with null_resource block by passing the open ai resource id under triggers block and add a provisioner as well.

现在,在 main.tf Terraform 资源中,通过在 null_resource 块的 triggers 块中传递 OpenAI 资源 ID,并添加一个 provisioner

python 复制代码
resource "null_resource" "samplerotation" {
  triggers = {
    open_ai_resource_id = azurerm_cognitive_account.example.id
    }
provisioner "remote-exec" {
 //write a powershell script here and refer the above keys data block here
 }
}

Alternatively, you can also follow an other approach with the help of key vault. Store all the keys in the key vault and apply the key rotation from there itself.

另外,你也可以使用密钥保管库(Key Vault)采取另一种方法。将所有密钥存储在密钥保管库中,并从那里执行密钥轮换。

To do so, refer the terraform code from SO & for CLI approach refer Github doc.

为此,可以参考来自 Stack Overflow 的 Terraform 代码,并且对于 CLI 方法,可以参考 GitHub 文档。

相关推荐
九章云极AladdinEdu13 小时前
超参数自动化调优指南:Optuna vs. Ray Tune 对比评测
运维·人工智能·深度学习·ai·自动化·gpu算力
CoderJia程序员甲19 小时前
GitHub 热榜项目 - 日榜(2025-09-13)
ai·开源·大模型·github·ai教程
蒋星熠1 天前
如何在Anaconda中配置你的CUDA & Pytorch & cuNN环境(2025最新教程)
开发语言·人工智能·pytorch·python·深度学习·机器学习·ai
Code_流苏1 天前
AI热点周报(9.7~9.13):阿里Qwen3-Next震撼发布、Claude 增强记忆与服务抖动、OpenAI 聚焦模型规范化...
人工智能·gpt·ai·openai·claude·qwen3-next·架构创新
@鱼香肉丝没有鱼1 天前
分布式推理与量化部署
ai·大模型·推理部署
程序员鱼皮1 天前
AI 应用开发,不就是调个接口么?
计算机·ai·程序员·互联网·编程·网站
AImatters1 天前
2025 年PT展前瞻:人工智能+如何走进普通人的生活?
人工智能·ai·具身智能·智慧医疗·智慧出行·中国国际信息通信展览会·pt展
xiezhr1 天前
一款带有AI功能的markdown工具
ai·markdown·效率工具·笔记工具
武子康2 天前
AI-调查研究-76-具身智能 当机器人走进生活:具身智能对就业与社会结构的深远影响
人工智能·程序人生·ai·职场和发展·机器人·生活·具身智能
小鹿清扫日记2 天前
从蛮力清扫到 “会看路”:室外清洁机器人的文明进阶
人工智能·ai·机器人·扫地机器人·具身智能·连合直租·有鹿巡扫机器人