Improve UX of flowing API keys/env vars through infrastructure #2739

Closed
Tracked by #2654
savannahostrowski opened this issue Sep 13, 2023 · 6 comments · Fixed by #2875
Labels
cli core doc impact golden-path Improvements to the getting started experience + golden path (local dev -> first deploy)

Comments

@savannahostrowski
Contributor

savannahostrowski commented Sep 13, 2023

Today, setting API keys as environment variables on infra is pretty convoluted --> e.g. copy the contents of your .env into the .azure/<env name>/.env file, add them to main.parameters.json, add params for the keys in main.bicep, pass params into api.bicep module and use in api.bicep secrets.

Talking to @ellismg and @weikanglim about this, it seems like we might want to investigate how we leverage Key Vault more heavily here.

Internal link to pain points doc

@savannahostrowski savannahostrowski added this to the Germanium milestone Sep 13, 2023
@weikanglim weikanglim self-assigned this Oct 3, 2023
@savannahostrowski savannahostrowski added doc impact golden-path Improvements to the getting started experience + golden path (local dev -> first deploy) cli core labels Oct 11, 2023
@weikanglim
Contributor

weikanglim commented Oct 12, 2023

> investigate how we leverage Key Vault more heavily here.

Unfortunately, after some thought, I don't think this can be done easily without expanding azd's infrastructure provision to include a KeyVault seeding state.

The best short-term option is likely to source from .env / environment variables. I have a PoC here that simplifies it to just defining the settings in main.parameters.json with some bicep magic, in a format like:

main.parameters.json

    "apiSettings": {
      "value": {
        "settings": [
          {
            "name": "OPENAI_API_KEY",
            "value": "${OPENAI_API_KEY}",
            "secret": true
          },
          {
            "name": "OMDB_API_KEY",
            "value": "${OMDB_API_KEY}",
            "secret": true
          }
        ]
      }
    }

Note: The extra node for settings is required since @secure() can only be applied to bicep objects at this time.

But with this change, users can either do azd env set or move configuration into .env, and only need to define it in main.parameters.json.
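A pre-deploy check for the layout in the comment above, as an added example that is not part of the thread or of azd's code: it flags any setting marked `secret` whose value is a literal instead of a `${VAR}` placeholder, and any placeholder with no matching environment variable. The function name, the `LOG_LEVEL` entry and the sample values are constructed; the check assumes a placeholder is the whole value and accepts the fragment either at top level or under `parameters`.

```python
import json
import os
import re

# A value that is exactly one ${VAR} placeholder, the form shown in the comment above.
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")

# Constructed sample: same shape as the snippet above, plus one deliberately bad entry.
SAMPLE = """
{
  "apiSettings": {
    "value": {
      "settings": [
        {"name": "OPENAI_API_KEY", "value": "${OPENAI_API_KEY}", "secret": true},
        {"name": "OMDB_API_KEY", "value": "constructed-literal-key", "secret": true},
        {"name": "LOG_LEVEL", "value": "info"}
      ]
    }
  }
}
"""

def audit_settings(parameters_text, env):
    """Return (resolved, findings) for the apiSettings block.
    resolved maps setting name -> value; findings lists problems that
    should block a commit or a deploy."""
    doc = json.loads(parameters_text)
    params = doc.get("parameters", doc)  # assumption: fragment may sit under "parameters"
    settings = params.get("apiSettings", {}).get("value", {}).get("settings", [])
    resolved, findings = {}, []
    for item in settings:
        name, value = item.get("name"), item.get("value", "")
        match = PLACEHOLDER.match(value) if isinstance(value, str) else None
        if match is None:
            if item.get("secret"):
                findings.append(f"{name}: secret has a literal value in the file")
            else:
                resolved[name] = value  # non-secret literals are allowed
        elif env.get(match.group(1)):
            resolved[name] = env[match.group(1)]
        else:
            findings.append(f"{name}: environment variable {match.group(1)} is not set")
    return resolved, findings

if __name__ == "__main__":
    for problem in audit_settings(SAMPLE, os.environ)[1]:
        print(problem)
```

Run against the committed file in CI, the first finding type catches a key pasted into `main.parameters.json` before it reaches the repository history.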

@savannahostrowski
Contributor Author

savannahostrowski commented Oct 12, 2023

Looking at that POC, we could generate all but what's in the main.parameters.json, right? So then the user only really has to touch that single file or use azd env set to pass the keys? If that's true, that's a big improvement IMO and a great start.

@weikanglim
Contributor

Correct. User has to provide the value via env set, then wire up in main.parameters.json, but that's it.

I think this aligns with what @ellismg mentioned to me as what we can do short-term in passing as well.

@savannahostrowski
Contributor Author

I mean, that's much better than what we have today.

Longer term, it'd be nice if we could have a gesture to eliminate having to touch the Bicep at all, but this is a start.

@vhvb1989
Member

Using file.parameters.json won't work for the bicepparams approach.

@weikanglim
Contributor

weikanglim commented Oct 17, 2023

@vhvb1989 There's a direct translation to make this work in bicepparams world. This feature takes a dependency on env-var substitution, which is an existing dependency. Separate from that, we could easily move the same settings defined in parameters.json to bicepparams world.

The change hasn't been made to switch over, since we currently depend on secretsOrRandom for PostgreSQL.

weikanglim added a commit that referenced this issue Oct 24, 2023
…plified init apps (#2875)

Allow app settings to be configured in `main.parameters.json` for simplified init apps.

To this end, the bicep files in simplified init apps have been updated to allow flowing of any required app settings to the container app host, which enables configuration to be done simply through `main.parameters.json`.

To ease discovery, the generated `main.parameters.json` includes placeholder values and documentation. `next-steps.md` has also been updated to include the information.

Fixes #2739