1. Secure Access to AI Service APIs via Azure Key Vault


    To secure access to AI service APIs via Azure Key Vault, you'll need to set up a few Azure resources:

    1. An Azure Key Vault to store secrets such as API keys securely.
    2. A Secret within the Azure Key Vault that represents the API key for the AI service.

    Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates.

    Below is a Pulumi program written in Python that sets up an Azure Key Vault and adds a secret to it representing the API key for an AI service. For simplicity, we're creating a secret with a placeholder value – you'd replace this with your actual API key.

        import pulumi
        import pulumi_azure_native.keyvault as keyvault
        import pulumi_azure_native.resources as resources

        # Create an Azure resource group, a logical container into which Azure resources are deployed and managed
        resource_group = resources.ResourceGroup('resource_group')

        # Create an Azure Key Vault for securely storing API keys.
        # Vault and secret names may contain only letters, digits and hyphens, so the
        # logical names below (which Pulumi uses as the name prefix) avoid underscores.
        key_vault = keyvault.Vault('key-vault',
            resource_group_name=resource_group.name,
            location=resource_group.location,
            properties=keyvault.VaultPropertiesArgs(
                tenant_id=pulumi.Config('azure-native').require('tenantId'),  # Your Azure tenant ID
                sku=keyvault.SkuArgs(
                    name='standard',  # The standard SKU is intended for use cases that don't require premium capabilities
                    family='A'
                ),
                access_policies=[],  # Define access policies here; an empty list grants no one access to the secrets
                soft_delete_retention_in_days=7,  # Soft delete allows recovery of the deleted vault and its content within this period
            )
        )

        # Create an Azure Key Vault Secret
        api_secret = keyvault.Secret('api-secret',
            resource_group_name=resource_group.name,
            vault_name=key_vault.name,
            properties=keyvault.SecretPropertiesArgs(
                # The value of the secret. You should secure this in your configuration, not in code directly.
                value='your_ai_service_api_key',
            )
        )

        # Export the Azure Key Vault's URI
        pulumi.export('key_vault_uri', key_vault.properties.apply(lambda prop: prop.vault_uri))

        # Export the secret name
        pulumi.export('secret_name', api_secret.name)

    This program performs the following actions:

    • It creates a resource group using resources.ResourceGroup. This group is used to organize all the resources in Azure.
    • It provisions an Azure Key Vault using keyvault.Vault. This vault is where the API keys will be stored.
    • It stores a secret using keyvault.Secret. The secret holds the placeholder for your AI service API key.

    In a real-world scenario, you need to replace 'your_ai_service_api_key' with the actual API key for the AI service you're using. Remember to never hard-code secrets in your code; this is just for illustration purposes. It's best practice to use configuration files or environment variables to handle secrets.

    Additionally, you'll need to specify the Azure tenant ID where you want to create these resources. The pulumi.Config('azure-native').require('tenantId') line is used to pull your tenant ID from the Pulumi configuration system.

    Once you've run this Pulumi program, you'll have a secure location (the Key Vault) from which you can programmatically access secrets for your AI service APIs. You can reference the secret in your applications by using the URI and name outputted by the program.
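An added example, not part of the original page: one way an application can read the secret at runtime from the exported key_vault_uri and secret_name. It assumes the azure-identity and azure-keyvault-secrets packages, the public-cloud vault.azure.net suffix, and an identity that has been granted permission to read secrets (the empty access_policies list above grants none); ApiKeyProvider, validate_vault_uri and the environment variable names are hypothetical.

```python
import os
from urllib.parse import urlparse

# Key Vault DNS suffix for the Azure public cloud (assumption: not a sovereign cloud).
VAULT_DNS_SUFFIX = ".vault.azure.net"


def validate_vault_uri(vault_uri: str) -> str:
    """Accept only https://<name>.vault.azure.net so tokens are never sent elsewhere."""
    parsed = urlparse(vault_uri)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        raise ValueError("vault URI must use https")
    if not host.endswith(VAULT_DNS_SUFFIX) or len(host) <= len(VAULT_DNS_SUFFIX):
        raise ValueError("vault URI host is not a Key Vault endpoint")
    if parsed.username or parsed.password or parsed.port or parsed.path not in ("", "/"):
        raise ValueError("vault URI has unexpected userinfo, port or path")
    return f"https://{host}"


def default_client(vault_uri: str):
    """Build a real SecretClient; imported lazily so unit tests need no Azure SDK."""
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=vault_uri, credential=DefaultAzureCredential())


class ApiKeyProvider:
    """Fetches the secret once and keeps it in memory, out of logs and repr()."""

    def __init__(self, vault_uri, secret_name, client_factory=default_client):
        self._vault_uri = validate_vault_uri(vault_uri)
        self._secret_name = secret_name
        self._client_factory = client_factory  # injectable for tests
        self._value = None

    def get(self) -> str:
        if self._value is None:
            secret = self._client_factory(self._vault_uri).get_secret(self._secret_name)
            if not secret.value:
                raise RuntimeError(f"secret {self._secret_name!r} has no value")
            self._value = secret.value
        return self._value

    def __repr__(self):  # keep the key out of tracebacks and debug output
        return f"ApiKeyProvider({self._vault_uri!r}, {self._secret_name!r}, value=<redacted>)"


if __name__ == "__main__":
    # KEY_VAULT_URI and SECRET_NAME are hypothetical variables filled from the stack outputs.
    provider = ApiKeyProvider(os.environ["KEY_VAULT_URI"], os.environ["SECRET_NAME"])
    print("API key loaded, length:", len(provider.get()))
```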

    Remember, you will need the Azure provider configured with appropriate credentials to run this program successfully. Typically, this would be done using the Azure CLI and running az login before executing Pulumi commands.