Hey everyone! I've got a Foundry AI Agent, and on its overview page, I see an API key, endpoint, and project details. While using the Python SDK, I noticed that DefaultAzureCredential() is mentioned for logging in through various methods. However, I'm running my application inside a Docker container and want to set it up with environment variables to avoid having to perform 'az login' each time the token expires.
I've searched high and low for a way to get credentials for my Foundry Projects, but all I found was an Object ID in the Azure AI Foundry project resource. Is there an alternative way to authenticate within a Docker container that doesn't require frequent token refreshing, like launching the app with environment variables? Any suggestions? Thanks in advance!
1 Answer
The DefaultAzureCredential() includes a managed identity as one of its authentication methods. If your container runs in Azure, it should be able to authenticate without needing to do 'az login', as it cycles through the available authentication methods to get a token. You can use the managed identity for your app to auth against the Azure AI Foundry resource with RBAC using that identity. Also, if you're looking to speed up authentication, you can exclude specific credential options from the chain! Check out the Microsoft docs for more on this.

I think the issue is that the Foundry Resource hasn’t been registered in Entra ID apps. So currently, my app only works after I run 'az login', whether I’m in Docker or on my local machine. Are you suggesting that if we register our project in Entra apps, the DefaultAzureCredential() should be able to obtain the token automatically?
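
Added example (not from the thread, and not Microsoft's code): a container startup check that fails fast when no unattended sign-in method is configured, then trims the `DefaultAzureCredential` chain the way the answer suggests. The helper names `credential_kwargs` and `build_credential` and the `managed_identity` switch are assumptions; the `AZURE_*` variable names and `exclude_*` keyword arguments are those of the azure-identity package, and the identity used still needs an RBAC role on the Foundry resource as the answer says.

```python
import os

# Read by azure-identity's EnvironmentCredential (service principal with a client secret).
SP_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")


def credential_kwargs(env, managed_identity=False):
    """Return DefaultAzureCredential kwargs for a headless container.

    env: mapping of environment variables.
    managed_identity: True when the container runs on an Azure host that has
    a managed identity assigned (an assumption the deployer states explicitly).
    Raises RuntimeError when no non-interactive method is usable.
    """
    missing = [name for name in SP_VARS if not env.get(name)]
    have_sp = not missing
    if not have_sp and not managed_identity:
        if len(missing) < len(SP_VARS):
            # Partially configured: name the gap instead of failing later at token time.
            raise RuntimeError("incomplete service principal config, missing: "
                               + ", ".join(missing))
        raise RuntimeError("no unattended credential: set " + ", ".join(SP_VARS)
                           + " or run with a managed identity")
    return {
        # Developer-login methods depend on a cached 'az login' style session.
        "exclude_cli_credential": True,
        "exclude_powershell_credential": True,
        "exclude_interactive_browser_credential": True,
        # Keep only the methods that are actually configured.
        "exclude_environment_credential": not have_sp,
        "exclude_managed_identity_credential": not managed_identity,
    }


def build_credential(env=os.environ, managed_identity=False):
    # Imported lazily so the preflight above runs without the SDK installed.
    from azure.identity import DefaultAzureCredential
    return DefaultAzureCredential(**credential_kwargs(env, managed_identity))


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    sample = {"AZURE_TENANT_ID": "tenant-placeholder",
              "AZURE_CLIENT_ID": "client-placeholder",
              "AZURE_CLIENT_SECRET": "secret-placeholder"}
    print(credential_kwargs(sample))
```

Supply the three variables at run time (for example with `docker run --env-file`) rather than baking the client secret into the image, and prefer the managed identity path when the container runs in Azure so no secret has to be stored at all.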