Skip to content

MAINT Migrate Azure Cognitive Services from API key to Entra ID authentication#1404

Open
romanlutz wants to merge 10 commits intoAzure:mainfrom
romanlutz:romanlutz/entra-auth-migration
Open

MAINT Migrate Azure Cognitive Services from API key to Entra ID authentication#1404
romanlutz wants to merge 10 commits intoAzure:mainfrom
romanlutz:romanlutz/entra-auth-migration

Conversation

@romanlutz
Copy link
Contributor

Summary

This PR removes API key (local auth) dependencies for all Azure Cognitive Services targets in PyRIT, replacing them with Entra ID (Azure AD) token-based
authentication. This is in preparation for disabling local auth across 62 CogSvc resources in the AI Red Team Tooling and Trustworthy Machine Learning
subscriptions.

Changes

Core: AIRTTargetInitializer

  • Removed key_var from 16 Azure TargetConfig entries (OpenAI Chat, Responses, Image, Video, TTS, Content Safety, PromptShield)
  • Updated _register_target() to auto-detect Azure endpoints and use Entra auth: async token provider for OpenAI SDK targets, sync token provider for
    PromptShieldTarget
  • Non-Azure targets (platform OpenAI, Groq, OpenRouter, Ollama, Google Gemini) continue using API keys

Notebooks (15 .py + .ipynb pairs)

  • Replaced api_key=os.getenv("AZURE_*_KEY") with get_azure_openai_auth(endpoint) or get_azure_token_provider(scope)
  • All notebooks re-executed with jupytext --execute to validate Entra auth works end-to-end

.env_example

  • Removed 21 Azure CogSvc key lines that are no longer needed

Bug fixes (found during migration)

  • HTTPTarget re.sub bug: LLM responses containing \u unicode escapes caused re.sub to fail. Fixed by using lambda replacement.
  • HTTP notebook URL: Was posting to wrong path (/openai/v1?api-version=... → 404). Fixed to use /openai/v1/chat/completions with model in body.
  • HTTPTarget content filter detection: Empty responses from content-filtered requests were silently returned as success. Now detected and returned as
    error/blocked type, consistent with other targets.

Other improvements

  • Image editing notebook cell now uses gpt-image-1 (ENDPOINT2) since dall-e-3 doesn't support editing
  • Fixed Playwright Copilot Target notebook title (added "10.2" prefix)

What's NOT changing

  • Non-Azure targets: Platform OpenAI, Groq, OpenRouter, Ollama, Google Gemini, Anthropic — keep API keys
  • Azure ML: Not a Cognitive Services resource — keeps API keys
  • XPIA website: Code updated for Entra auth but not re-executed (requires separate infrastructure)

Testing

  • 22 unit tests pass (including 2 new content filter tests, 1 new Entra auth test)
  • 18+ notebooks executed successfully with Entra auth

romanlutz and others added 10 commits February 25, 2026 12:14
- Update AIRTTargetInitializer to use get_azure_openai_auth() for Azure
  OpenAI targets and get_azure_token_provider() for PromptShieldTarget
  instead of API key environment variables
- Remove key_var from all Azure target configs in TARGET_CONFIGS
- Update 15 notebook .py files to use Entra auth for Azure endpoints
- Non-Azure targets (platform OpenAI, Groq, Google, etc.) keep API keys
- Update unit tests to mock Entra auth providers

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Remove Azure CogSvc API key lines from .env_example
- Update .env_example header to reflect Entra auth is the default
- Re-execute 13 notebooks with jupytext --execute to verify Entra auth
  works and populate cell outputs

All notebooks pass except:
- 10_http_target: second cell fails with pre-existing regex bug (unrelated)
- 7_azure_sql_memory_attacks: fails due to az login not available in
  kernel subprocess (infrastructure issue, not auth)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Cell 1 (AOAI example) succeeds with Entra auth.
Cell 2 (Red Teaming) fails due to pre-existing regex bug in HTTPTarget.
BIC cells are not executable (require browser cookies).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add '10.2' to Playwright Copilot Target title in .py and .ipynb
- Restore xpia website notebook outputs from main
- Execute 7_azure_sql_memory_attacks notebook (all 4 cells pass)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use lambda in re.sub to prevent backslash interpretation in LLM
response text (e.g. \u unicode escapes). All cells now pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
All three notebooks pass with Entra auth via AIRTTargetInitializer.
Image notebook cell 2 (image editing) has pre-existing model error.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
dall-e-3 does not support image editing. Switch to OPENAI_IMAGE_ENDPOINT2
(gpt-image-1) with Entra auth for the editing example.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Empty assistant responses are due to content filtering on the Azure
endpoint, not auth issues. Auth works correctly with Entra tokens.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Fix notebook URL: use /chat/completions path (was getting 404s)
- Add model field to raw HTTP request body
- Detect content-filtered responses and return error type
- Add 2 unit tests for content filter handling

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant