or run

tessl search
Log in

Version

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
golangpkg:golang/github.com/Azure/azure-sdk-for-go/sdk/ai/azopenai@v0.9.0

docs

authentication.mdazure-on-your-data.mdcontent-filtering.mdindex.mdtypes.md
tile.json

tessl/golang-github-com-azure-azure-sdk-for-go-sdk-ai-azopenai

tessl install tessl/golang-github-com-azure-azure-sdk-for-go-sdk-ai-azopenai@0.9.0

Azure OpenAI extensions module for Go providing models and convenience functions to simplify integration with Azure OpenAI features.

authentication.mddocs/

Authentication

The azopenai package supports multiple authentication methods for data sources and vectorization endpoints. Different data source types support different authentication mechanisms.

Authentication for Data Sources

Data source configurations use the OnYourDataAuthenticationOptionsClassification interface to specify authentication:

type OnYourDataAuthenticationOptionsClassification interface {
    GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
}

Base Authentication Type

type OnYourDataAuthenticationOptions struct {
    Type *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions

type OnYourDataAuthenticationType string

const (
    OnYourDataAuthenticationTypeAPIKey                          OnYourDataAuthenticationType = "api_key"
    OnYourDataAuthenticationTypeAccessToken                     OnYourDataAuthenticationType = "access_token"
    OnYourDataAuthenticationTypeConnectionString                OnYourDataAuthenticationType = "connection_string"
    OnYourDataAuthenticationTypeEncodedAPIKey                   OnYourDataAuthenticationType = "encoded_api_key"
    OnYourDataAuthenticationTypeKeyAndKeyID                     OnYourDataAuthenticationType = "key_and_key_id"
    OnYourDataAuthenticationTypeSystemAssignedManagedIdentity   OnYourDataAuthenticationType = "system_assigned_managed_identity"
    OnYourDataAuthenticationTypeUserAssignedManagedIdentity     OnYourDataAuthenticationType = "user_assigned_managed_identity"
    OnYourDataAuthenticationTypeUsernameAndPassword             OnYourDataAuthenticationType = "username_and_password"
)

func PossibleOnYourDataAuthenticationTypeValues() []OnYourDataAuthenticationType

Authentication Methods

API Key Authentication

Used for data sources that support API key authentication:

type OnYourDataAPIKeyAuthenticationOptions struct {
    Key  *string                       // REQUIRED; The API key
    Type *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataAPIKeyAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataAPIKeyAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataAPIKeyAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataAPIKeyAuthenticationOptions{
    Key:  to.Ptr("your-api-key"),
    Type: to.Ptr(azopenai.OnYourDataAuthenticationTypeAPIKey),
}

dataSource := &azopenai.AzureSearchChatExtensionConfiguration{
    Parameters: &azopenai.AzureSearchChatExtensionParameters{
        Endpoint:       to.Ptr("https://search.windows.net"),
        IndexName:      to.Ptr("my-index"),
        Authentication: auth,
    },
}

Supported By: Azure AI Search, Pinecone

Access Token Authentication

Used for MongoDB and other services supporting bearer token authentication:

type OnYourDataAccessTokenAuthenticationOptions struct {
    AccessToken *string                       // REQUIRED; The access token
    Type        *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataAccessTokenAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataAccessTokenAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataAccessTokenAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataAccessTokenAuthenticationOptions{
    AccessToken: to.Ptr("your-access-token"),
    Type:        to.Ptr(azopenai.OnYourDataAuthenticationTypeAccessToken),
}

Supported By: MongoDB

Connection String Authentication

Used for Azure Cosmos DB and other services supporting connection strings:

type OnYourDataConnectionStringAuthenticationOptions struct {
    ConnectionString *string                       // REQUIRED; The connection string
    Type             *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataConnectionStringAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataConnectionStringAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataConnectionStringAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataConnectionStringAuthenticationOptions{
    ConnectionString: to.Ptr("mongodb://username:password@host:port/database"),
    Type:             to.Ptr(azopenai.OnYourDataAuthenticationTypeConnectionString),
}

Supported By: Azure Cosmos DB for MongoDB vCore

Encoded API Key Authentication (Elasticsearch)

Used for Elasticsearch with base64-encoded API keys:

type OnYourDataEncodedAPIKeyAuthenticationOptions struct {
    EncodedAPIKey *string                       // REQUIRED; The encoded API key
    Type          *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataEncodedAPIKeyAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataEncodedAPIKeyAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataEncodedAPIKeyAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataEncodedAPIKeyAuthenticationOptions{
    EncodedAPIKey: to.Ptr("base64-encoded-key"),
    Type:          to.Ptr(azopenai.OnYourDataAuthenticationTypeEncodedAPIKey),
}

Supported By: Elasticsearch

Key and Key ID Authentication (Elasticsearch)

Used for Elasticsearch with separate key and key ID:

type OnYourDataKeyAndKeyIDAuthenticationOptions struct {
    Key   *string                       // REQUIRED; The key
    KeyID *string                       // REQUIRED; The key ID
    Type  *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataKeyAndKeyIDAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataKeyAndKeyIDAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataKeyAndKeyIDAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataKeyAndKeyIDAuthenticationOptions{
    Key:   to.Ptr("your-key"),
    KeyID: to.Ptr("your-key-id"),
    Type:  to.Ptr(azopenai.OnYourDataAuthenticationTypeKeyAndKeyID),
}

Supported By: Elasticsearch

System-Assigned Managed Identity

Used for Azure resources with system-assigned managed identities:

type OnYourDataSystemAssignedManagedIdentityAuthenticationOptions struct {
    Type *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataSystemAssignedManagedIdentityAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataSystemAssignedManagedIdentityAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataSystemAssignedManagedIdentityAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataSystemAssignedManagedIdentityAuthenticationOptions{
    Type: to.Ptr(azopenai.OnYourDataAuthenticationTypeSystemAssignedManagedIdentity),
}

dataSource := &azopenai.AzureSearchChatExtensionConfiguration{
    Parameters: &azopenai.AzureSearchChatExtensionParameters{
        Endpoint:       to.Ptr("https://search.windows.net"),
        IndexName:      to.Ptr("my-index"),
        Authentication: auth,
    },
}

Supported By: Azure AI Search, MongoDB

User-Assigned Managed Identity

Used for Azure resources with user-assigned managed identities:

type OnYourDataUserAssignedManagedIdentityAuthenticationOptions struct {
    ManagedIdentityResourceID *string                       // REQUIRED; Resource ID of the managed identity
    Type                      *OnYourDataAuthenticationType // REQUIRED
}

func (o *OnYourDataUserAssignedManagedIdentityAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataUserAssignedManagedIdentityAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataUserAssignedManagedIdentityAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataUserAssignedManagedIdentityAuthenticationOptions{
    ManagedIdentityResourceID: to.Ptr("/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-identity"),
    Type:                      to.Ptr(azopenai.OnYourDataAuthenticationTypeUserAssignedManagedIdentity),
}

Supported By: Azure AI Search, MongoDB

Username and Password Authentication

Used for MongoDB with username and password credentials:

type OnYourDataUsernameAndPasswordAuthenticationOptions struct {
    Password *string                       // REQUIRED; The password
    Type     *OnYourDataAuthenticationType // REQUIRED
    Username *string                       // REQUIRED; The username
}

func (o *OnYourDataUsernameAndPasswordAuthenticationOptions) GetOnYourDataAuthenticationOptions() *OnYourDataAuthenticationOptions
func (o OnYourDataUsernameAndPasswordAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataUsernameAndPasswordAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

auth := &azopenai.OnYourDataUsernameAndPasswordAuthenticationOptions{
    Username: to.Ptr("admin"),
    Password: to.Ptr("password"),
    Type:     to.Ptr(azopenai.OnYourDataAuthenticationTypeUsernameAndPassword),
}

Supported By: MongoDB

Authentication for Vector Search Endpoints

When using endpoint-based vectorization, different authentication options apply:

type OnYourDataVectorSearchAuthenticationOptionsClassification interface {
    GetOnYourDataVectorSearchAuthenticationOptions() *OnYourDataVectorSearchAuthenticationOptions
}

Base Vector Search Authentication

type OnYourDataVectorSearchAuthenticationOptions struct {
    Type *OnYourDataVectorSearchAuthenticationType // REQUIRED
}

func (o *OnYourDataVectorSearchAuthenticationOptions) GetOnYourDataVectorSearchAuthenticationOptions() *OnYourDataVectorSearchAuthenticationOptions

type OnYourDataVectorSearchAuthenticationType string

const (
    OnYourDataVectorSearchAuthenticationTypeAPIKey      OnYourDataVectorSearchAuthenticationType = "api_key"
    OnYourDataVectorSearchAuthenticationTypeAccessToken OnYourDataVectorSearchAuthenticationType = "access_token"
)

func PossibleOnYourDataVectorSearchAuthenticationTypeValues() []OnYourDataVectorSearchAuthenticationType

Vector Search API Key

type OnYourDataVectorSearchAPIKeyAuthenticationOptions struct {
    Key  *string                                   // REQUIRED; The API key
    Type *OnYourDataVectorSearchAuthenticationType // REQUIRED
}

func (o *OnYourDataVectorSearchAPIKeyAuthenticationOptions) GetOnYourDataVectorSearchAuthenticationOptions() *OnYourDataVectorSearchAuthenticationOptions
func (o OnYourDataVectorSearchAPIKeyAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataVectorSearchAPIKeyAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

vectorAuth := &azopenai.OnYourDataVectorSearchAPIKeyAuthenticationOptions{
    Key:  to.Ptr("your-embedding-api-key"),
    Type: to.Ptr(azopenai.OnYourDataVectorSearchAuthenticationTypeAPIKey),
}

vectorSource := &azopenai.OnYourDataEndpointVectorizationSource{
    Endpoint:       to.Ptr("https://resource.openai.azure.com/openai/deployments/embedding/embeddings"),
    Authentication: vectorAuth,
    Type:           to.Ptr(azopenai.OnYourDataVectorizationSourceTypeEndpoint),
}

Vector Search Access Token

type OnYourDataVectorSearchAccessTokenAuthenticationOptions struct {
    AccessToken *string                                   // REQUIRED; The access token
    Type        *OnYourDataVectorSearchAuthenticationType // REQUIRED
}

func (o *OnYourDataVectorSearchAccessTokenAuthenticationOptions) GetOnYourDataVectorSearchAuthenticationOptions() *OnYourDataVectorSearchAuthenticationOptions
func (o OnYourDataVectorSearchAccessTokenAuthenticationOptions) MarshalJSON() ([]byte, error)
func (o *OnYourDataVectorSearchAccessTokenAuthenticationOptions) UnmarshalJSON(data []byte) error

Example:

vectorAuth := &azopenai.OnYourDataVectorSearchAccessTokenAuthenticationOptions{
    AccessToken: to.Ptr("your-access-token"),
    Type:        to.Ptr(azopenai.OnYourDataVectorSearchAuthenticationTypeAccessToken),
}

Supported Authentication Methods by Data Source

Data SourceSupported Authentication Methods
Azure AI SearchAPIKey, SystemAssignedManagedIdentity, UserAssignedManagedIdentity
Azure Cosmos DBConnectionString
ElasticsearchKeyAndKeyID, EncodedAPIKey
MongoDBAccessToken, SystemAssignedManagedIdentity, UserAssignedManagedIdentity, UsernameAndPassword
PineconeAPIKey

Default Authentication Behavior

If no authentication is specified, Azure OpenAI On Your Data attempts to use System Managed Identity (default credential) authentication.

Security Best Practices

  1. Prefer Managed Identity: When running in Azure, use managed identity authentication to avoid storing credentials.

  2. Use Environment Variables: Store API keys and connection strings in environment variables, not in code.

  3. Rotate Credentials: Regularly rotate API keys and access tokens.

  4. Minimum Permissions: Grant data sources the minimum permissions required (read-only access is typically sufficient).

  5. Secure Transmission: All authentication credentials are transmitted over HTTPS.

  6. Key Vault Integration: For production workloads, store secrets in Azure Key Vault and retrieve them at runtime.

Example with environment variables:

import "os"

auth := &azopenai.OnYourDataAPIKeyAuthenticationOptions{
    Key:  to.Ptr(os.Getenv("SEARCH_API_KEY")),
    Type: to.Ptr(azopenai.OnYourDataAuthenticationTypeAPIKey),
}