Secure Speech Service Key/Region #101

Closed
1 of 2 tasks
hunterjam opened this issue Dec 11, 2023 · 4 comments · Fixed by #697
Labels
enhancement New feature or request

Comments

@hunterjam
Collaborator

hunterjam commented Dec 11, 2023

Motivation

Ensure sensitive credentials cannot be exposed. We are currently returning the Azure Speech Key from the /api/config endpoint in plain text:

    @app.route("/api/config", methods=["GET"])
    def get_config():
        # Return the configuration data as JSON
        return jsonify(
            {
                "azureSpeechKey": env_helper.AZURE_SPEECH_KEY,
                "azureSpeechRegion": env_helper.AZURE_SPEECH_SERVICE_REGION,
            }
        )

How would you feel if this feature request was implemented?

secure

Requirements

Tasks

To be filled in by the engineer picking up the issue

@ross-p-smith
Collaborator

The solution now has KeyVault - should this be utilised?

@adamdougal
Collaborator

adamdougal commented Mar 12, 2024

> The solution now has KeyVault - should this be utilised?

Looks like we are now using Key Vault. I think this is more that the key is returned in plain text from the /api/config endpoint 😬

    @app.route("/api/config", methods=["GET"])
    def get_config():
        # Return the configuration data as JSON
        return jsonify(
            {
                "azureSpeechKey": env_helper.AZURE_SPEECH_KEY,
                "azureSpeechRegion": env_helper.AZURE_SPEECH_SERVICE_REGION,
            }
        )

I'll reword the issue to be clearer.

@superhindupur
Collaborator

@cecheta
Collaborator

cecheta commented Apr 16, 2024

After discussing with the team, it has been decided to remove the /api/config endpoint entirely, as there is no requirement for the endpoint, and to have the endpoint while also masking secrets is non-trivial.

If such a requirement arises, the endpoint may be added back to the application.
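
A regression check for the leak discussed in this issue, as an added example that is not part of the original thread or the project's code: it walks a JSON response body and reports every place where the value of a configured secret appears, whether as a whole field or embedded in a longer string. The function names, the sample key and the sample bodies are constructed for illustration.

```python
import json

# Constructed sample secret; in a real test this would be read from the same
# settings the application loads (assumption, not the project's code).
SECRET_SETTINGS = {"AZURE_SPEECH_KEY": "0123456789abcdef0123456789abcdef"}


def iter_strings(node, path="$"):
    """Yield (json_path, string) for every string value in decoded JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def find_leaked_secrets(body, secrets):
    """Return sorted (json_path, setting_name) pairs where a secret appears."""
    findings = set()
    for path, text in iter_strings(json.loads(body)):
        for name, secret in secrets.items():
            if not secret:
                continue  # an unset setting would match every string
            if secret in text:  # covers exact match and embedded use
                findings.add((path, name))
    return sorted(findings)


KEY = SECRET_SETTINGS["AZURE_SPEECH_KEY"]
# Constructed bodies: the shape returned by /api/config in the issue, a body
# that embeds the key inside a URL, and a body with only the region.
LEAKING_BODY = json.dumps({"azureSpeechKey": KEY, "azureSpeechRegion": "westeurope"})
EMBEDDED_BODY = json.dumps({"speech": {"endpoints": ["wss://example.invalid/?key=" + KEY]}})
SAFE_BODY = json.dumps({"azureSpeechRegion": "westeurope"})

if __name__ == "__main__":
    for label, body in [("leaking", LEAKING_BODY), ("embedded", EMBEDDED_BODY), ("safe", SAFE_BODY)]:
        print(label, find_leaked_secrets(body, SECRET_SETTINGS))
```

In a test suite the body would come from the application's test client for each route, so the check fails the build if any endpoint starts returning a secret value again.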
