1. Using azure-native keyvault with cognitiveservices

    TypeScript

    In this guide, we'll create a program using Pulumi to set up an Azure Key Vault and a Cognitive Services Account. Azure Key Vault is a cloud service that provides a secure store for secrets, keys, and certificates. Cognitive Services are a set of machine learning algorithms that Microsoft provides as a service.

    The purpose of using Key Vault with Cognitive Services is to ensure that any sensitive data, such as API keys or other credentials used by Cognitive Services, are stored securely and aren't hard-coded in your application.

    Here's how we can do it step by step:

    1. Set up an Azure Key Vault: This will serve as the secure store for any secrets or keys.
    2. Set up a Cognitive Services Account: This account will provide access to various AI and machine learning capabilities.
    3. Configure the Cognitive Services account to use the Azure Key Vault for storing its secrets.

    Below is the Pulumi TypeScript program that accomplishes the above tasks:

    import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure-native"; // Create an Azure resource group const resourceGroup = new azure.resources.ResourceGroup("resourceGroup"); // Create an Azure Key Vault const keyVault = new azure.keyvault.Vault("keyVault", { resourceGroupName: resourceGroup.name, location: resourceGroup.location, properties: { // Set the SKU and tenant ID for Key Vault sku: { family: "A", name: "standard" }, tenantId: "your-tenant-id", // Replace with your Tenant ID // Define access policies here if access to client applications is needed accessPolicies: [], }, }); // Create a Cognitive Services Account const cognitiveServicesAccount = new azure.cognitiveservices.Account("cognitiveServicesAccount", { resourceGroupName: resourceGroup.name, location: resourceGroup.location, sku: { name: "S0", // S0 is Standard tier, you can change this according to your requirements }, kind: "TextAnalytics", // Change this to the kind of cognitive service needed properties: { // Set the Azure Key Vault properties to secure the keys for Cognitive Services encryption: { keySource: "Microsoft.KeyVault", keyVaultProperties: { keyName: "cogServicesKey", keyVaultUri: keyVault.properties.vaultUri, }, }, }, }); export const keyVaultUri = keyVault.properties.vaultUri; export const cognitiveServicesEndpoint = cognitiveServicesAccount.properties.endpoint;

    In the program:

    • We import the required Pulumi and Azure modules.
    • We create a new resource group in Azure to host our resources.
    • We create a new Key Vault which will store our secrets and keys.
    • We define a Cognitive Services account. In its properties, we specify the encryption details, pointing it to a key in the Key Vault, thus ensuring that our Cognitive Services secrets are secure.
    • Finally, we export the URI of the Key Vault and the endpoint of the Cognitive Services account for easy access later on.

    Make sure to replace 'your-tenant-id' with your actual Azure Tenant ID. You can find your Tenant ID in the Azure Portal.

    When this Pulumi program is run, it will use your Azure subscription credentials to create these resources. You can execute this program using the Pulumi CLI by running pulumi up in the same directory as the script.

    With this setup, you can confidently use Azure Cognitive Services knowing that your keys and secrets are secured in Azure Key Vault.