Skip to content

MAINT Migrate Azure Cognitive Services from API key to Entra ID authentication#1404

Open
romanlutz wants to merge 10 commits intoAzure:mainfrom
romanlutz:romanlutz/entra-auth-migration
Open

MAINT Migrate Azure Cognitive Services from API key to Entra ID authentication#1404
romanlutz wants to merge 10 commits intoAzure:mainfrom
romanlutz:romanlutz/entra-auth-migration

Conversation

@romanlutz
Copy link
Contributor

@romanlutz romanlutz commented Feb 26, 2026

Summary

This PR removes API key (local auth) dependencies for all Azure Cognitive Services targets in PyRIT, replacing them with Entra ID (Azure AD) token-based
authentication. This is in preparation for disabling local auth across 62 CogSvc resources in the AI Red Team Tooling and Trustworthy Machine Learning
subscriptions.

Changes

Core: AIRTTargetInitializer

  • Removed key_var from 16 Azure TargetConfig entries (OpenAI Chat, Responses, Image, Video, TTS, Content Safety, PromptShield)
  • Updated _register_target() to auto-detect Azure endpoints and use Entra auth: async token provider for OpenAI SDK targets, sync token provider for
    PromptShieldTarget
  • Non-Azure targets (platform OpenAI, Groq, OpenRouter, Ollama, Google Gemini) continue using API keys

Notebooks (15 .py + .ipynb pairs)

  • Replaced api_key=os.getenv("AZURE_*_KEY") with get_azure_openai_auth(endpoint) or get_azure_token_provider(scope)
  • All notebooks re-executed with jupytext --execute to validate Entra auth works end-to-end

.env_example

  • Removed 21 Azure CogSvc key lines that are no longer needed

Bug fixes (found during migration)

  • HTTPTarget re.sub bug: LLM responses containing \u unicode escapes caused re.sub to fail. Fixed by using lambda replacement.
  • HTTP notebook URL: Was posting to wrong path (/openai/v1?api-version=... → 404). Fixed to use /openai/v1/chat/completions with model in body.
  • HTTPTarget content filter detection: Empty responses from content-filtered requests were silently returned as success. Now detected and returned as
    error/blocked type, consistent with other targets.

Other improvements

  • Image editing notebook cell now uses gpt-image-1 (ENDPOINT2) since dall-e-3 doesn't support editing
  • Fixed Playwright Copilot Target notebook title (added "10.2" prefix)

What's NOT changing

  • Non-Azure targets: Platform OpenAI, Groq, OpenRouter, Ollama, Google Gemini, Anthropic — keep API keys
  • Azure ML: Not a Cognitive Services resource — keeps API keys
  • XPIA website: Code updated for Entra auth but not re-executed (requires separate infrastructure)

Testing

  • 22 unit tests pass (including 2 new content filter tests, 1 new Entra auth test)
  • 18+ notebooks executed successfully with Entra auth

romanlutz and others added 10 commits February 25, 2026 12:14
@romanlutz
Migrate Azure Cognitive Services targets from API key to Entra ID auth
d595d09 
- Update AIRTTargetInitializer to use get_azure_openai_auth() for Azure
  OpenAI targets and get_azure_token_provider() for PromptShieldTarget
  instead of API key environment variables
- Remove key_var from all Azure target configs in TARGET_CONFIGS
- Update 15 notebook .py files to use Entra auth for Azure endpoints
- Non-Azure targets (platform OpenAI, Groq, Google, etc.) keep API keys
- Update unit tests to mock Entra auth providers

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Update .env_example and execute notebooks with Entra auth
2c84416 
- Remove Azure CogSvc API key lines from .env_example
- Update .env_example header to reflect Entra auth is the default
- Re-execute 13 notebooks with jupytext --execute to verify Entra auth
  works and populate cell outputs

All notebooks pass except:
- 10_http_target: second cell fails with pre-existing regex bug (unrelated)
- 7_azure_sql_memory_attacks: fails due to az login not available in
  kernel subprocess (infrastructure issue, not auth)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Execute 10_http_target notebook with Entra auth outputs
3a5ee23 
Cell 1 (AOAI example) succeeds with Entra auth.
Cell 2 (Red Teaming) fails due to pre-existing regex bug in HTTPTarget.
BIC cells are not executable (require browser cookies).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Fix playwright title, restore xpia outputs, execute Azure SQL notebook
27fa2e4 
- Add '10.2' to Playwright Copilot Target title in .py and .ipynb
- Restore xpia website notebook outputs from main
- Execute 7_azure_sql_memory_attacks notebook (all 4 cells pass)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Fix re.sub bug in HTTPTarget and re-execute notebook
e20c710 
Use lambda in re.sub to prevent backslash interpretation in LLM
response text (e.g. \u unicode escapes). All cells now pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Execute image, video, and TTS target notebooks with Entra auth
104520a 
All three notebooks pass with Entra auth via AIRTTargetInitializer.
Image notebook cell 2 (image editing) has pre-existing model error.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Use gpt-image-1 (endpoint 2) for image editing cell
f9b452f 
dall-e-3 does not support image editing. Switch to OPENAI_IMAGE_ENDPOINT2
(gpt-image-1) with Entra auth for the editing example.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Re-execute HTTP target notebook with fresh outputs
bf444a9 
Empty assistant responses are due to content filtering on the Azure
endpoint, not auth issues. Auth works correctly with Entra tokens.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Fix HTTP target: correct URL, content filter detection, unit tests
6f09583 
- Fix notebook URL: use /chat/completions path (was getting 404s)
- Add model field to raw HTTP request body
- Detect content-filtered responses and return error type
- Add 2 unit tests for content filter handling

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Revert .env_example changes
affd619 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@romanlutz