⭐ If you like this sample, star it on GitHub — it helps a lot!
Overview • Get started • Run the sample • Resources • Guidance
This sample shows how to to provision an Azure OpenAI account with an RBAC role permission for your user account to access, so that you can use the OpenAI API SDKs with keyless (Entra) authentication. Keyless authentication is a recommended security practice to reduce risks with API keys.
There are multiple ways to get started with this project.
The quickest way is to use GitHub Codespaces that provides a preconfigured environment for you. Alternatively, you can set up your local environment following the instructions below.
You need to install following tools to work on your local machine:
- Node.js LTS
- Azure Developer CLI
- Git
- PowerShell 7+ (for Windows users only)
- Important: Ensure you can run
pwsh.exefrom a PowerShell command. If this fails, you likely need to upgrade PowerShell. - Instead of Powershell, you can also use Git Bash or WSL to run the Azure Developer CLI commands.
- Important: Ensure you can run
Then you can get the project code:
- Fork the project to create your own copy of this repository.
- On your forked repository, select the Code button, then the Local tab, and copy the URL of your forked repository.
git clone <your-repo-url>
You can run this project directly in your browser by using GitHub Codespaces, which will open a web-based VS Code:
A similar option to Codespaces is VS Code Dev Containers, that will open the project in your local VS Code instance using the Dev Containers extension.
You will also need to have Docker installed on your machine to run the container.
- Azure account. If you're new to Azure, get an Azure account for free to get free Azure credits to get started. If you're a student, you can also get free credits with Azure for Students.
- Azure subscription with access enabled for the Azure OpenAI service. You can request access with this form.
- Azure account permissions:
- Your Azure account must have
Microsoft.Authorization/roleAssignments/writepermissions, such as Role Based Access Control Administrator, User Access Administrator, or Owner. If you don't have subscription-level permissions, you must be granted RBAC for an existing resource group and deploy to that existing group by running these commands:azd env set AZURE_RESOURCE_GROUP <name of existing resource group> azd env set AZURE_LOCATION <location of existing resource group>
- Your Azure account also needs
Microsoft.Resources/deployments/writepermissions on the subscription level.
- Your Azure account must have
Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage. However, you can use the Azure pricing calculator for the resources below to get an estimate.
- Azure OpenAI: Standard tier, GPT model. Pricing per 1K tokens used, and at least 1K tokens are used per question. Pricing
- Open a terminal and navigate to the root of the project.
- Authenticate with Azure by running
azd auth login. - Run
azd provisionto provision the Azure resources.- You will be prompted to select a location for your OpenAI resource. If you're unsure of which location to choose, select
eastus2. See OpenAI model availability table for more information.
- You will be prompted to select a location for your OpenAI resource. If you're unsure of which location to choose, select
The deployment process will take a few minutes. Once it's done, a .env file will be created in the root folder with the environment variables needed to run the application.
First make sure you have provisioned the Azure OpenAI resources, and that you have the .env file in the root folder.
- Run
npm installto install the dependencies. - Run
npm startto run the example.
This will use the OpenAI SDK to make a request to the OpenAI API and print the response to the console.
To clean up all the Azure resources created by this sample:
- Run
azd down --purge - When asked if you are sure you want to continue, enter
y
The resource group and all the resources will be deleted.
Here are some resources to learn more about Azure OpenAI and related technologies:
- Serverless AI Chat sample
- Generative AI For Beginners
- Azure OpenAI Service
- Chat + Enterprise data with Azure OpenAI and Azure AI Search
You can also find more Azure AI samples here.
This template uses model gpt-35-turbo (0613) which may not be available in all Azure regions. Check for up-to-date region availability and select a region during deployment accordingly.
We recommend using East US 2 if you're unsure of which region to choose.
This template has Managed Identity built in to eliminate the need for developers to manage these credentials. Applications can use managed identities to obtain Microsoft Entra tokens without having to handle any secrets in the code. Additionally, we're using Microsoft Security DevOps GitHub Action to scan the infrastructure-as-code files and generates a report containing any detected issues.
If you have any issue when running or deploying this sample, please check the troubleshooting guide. If you can't find a solution to your problem, please open an issue in this repository.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.