Skip to content

Keyvault for secrets #492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 42 commits into
base: Development
Choose a base branch
from
Open

Keyvault for secrets #492

wants to merge 42 commits into from

Conversation

@Bionic711
Copy link
Collaborator

@Bionic711 Bionic711 commented Oct 15, 2025

Updates with keyvault helpers to allow saving secrets for agents and plugins to an azure keyvault.
Adds a dynamic UI for additional settings and fallback json support.

  • both auth.key and any additional_setting ending with __Secret (double underscores) is included.
    Various other code improvements to facilitate the above two features.

@nadoylemsft
add crude keyvault base impl
0a1b5ee
@nadoylemsft
upd actions for MAG
be8d0d7
@nadoylemsft
add settings to fix
6bb5fd0
@nadoylemsft
upd secret naming convention
ab28c4f
@nadoylemsft
upd auth types to include conn string/basic(un/pw)
46945e7
@nadoylemsft
fix method name
0662053
@nadoylemsft
add get agent helper
09f7433
@nadoylemsft
add ui trigger word and get agent helper
e24da04
@nadoylemsft
upd function imports
e46afa2
@nadoylemsft
upd agents call
bf5e85a
@nadoylemsft
add desc of plugins
8aeea1a
@nadoylemsft
fix for admin modal loading
a4054ab
@nadoylemsft
upd default agent handling
5cce7bf
@nadoylemsft
rmv unneeded file
5a56bdc
@nadoylemsft
rmv extra imp statements
db6372e
@nadoylemsft
add new cosmos container script
d0aff17
@nadoylemsft
upd instructions for consistency of code
427f01d
@nadoylemsft
adds safe calls for akv functions
33ba357
@nadoylemsft
adds akv to personal agents
07e31c7
@nadoylemsft
fix for user agents boot issue
91f3a86
@nadoylemsft
fix global set
2a23b84
@nadoylemsft
upd azure function plugin to super init
570ec56
@nadoylemsft
upd to clean imports
def744b
@nadoylemsft
add keyvault to global actions loading
3b0b743
@nadoylemsft
add plugin loading docs
a037caa
@nadoylemsft
rmv secret leak via logging
74c200c
@nadoylemsft
rmv displaying of token in logs
509bc63
@nadoylemsft
fix not loading global actions for personal agents
0bb4a6b
@nadoylemsft
rmv unsupported characters from logging
186a6e1
@nadoylemsft
fix chat links in dark mode
f11381c
@Bionic711 Bionic711 requested a review from Copilot October 15, 2025 20:34
Copilot AI reviewed Oct 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds Azure Key Vault support for storing agent and plugin secrets, introduces dynamic UI for plugin additional settings driven by JSON Schemas, and various loader/refactor updates to support the new features.

  • Key Vault helpers for storing/retrieving/deleting secrets across agents and plugins
  • Dynamic plugin Additional Fields UI (schema-driven) and schema updates
  • Admin UI: Security tab with Key Vault test; loader changes to resolve Key Vault references at runtime

Reviewed Changes

Copilot reviewed 48 out of 49 changed files in this pull request and generated 15 comments.

Show a summary per file
File Description
deployers/New-CosmosContainerDynamicRUs.ps1 Script to migrate/update Cosmos containers to autoscale with a given max RU
application/single_app/templates/admin_settings.html Adds Security tab for Key Vault settings and test button
application/single_app/templates/_sidebar_nav.html Adds Security menu and updates Agents label
application/single_app/templates/_plugin_modal.html Prepares inputs for dynamic auth fields and adds container for dynamic Additional Fields
application/single_app/static/json/schemas/* Adds/updates plugin and additional settings schemas; base plugin schema expanded
application/single_app/static/js/workspace/workspace_plugins.js Improves save flow UX and error display
application/single_app/static/js/validatePlugin.mjs Updates compiled validator for expanded auth types and rules
application/single_app/static/js/plugin_modal_stepper.js Major: dynamic Additional Fields UI builder/collector; auth field toggling; summary updates
application/single_app/static/js/agent_modal_stepper.js Save button UX improvements
application/single_app/static/js/admin/admin_settings.js Adds Key Vault connection test handler
application/single_app/semantic_kernel_plugins/* New UI test plugin; queue storage plugin fix; logged loader changes
application/single_app/semantic_kernel_loader.py Resolves Key Vault secrets at load time; various loader improvements
application/single_app/route_* Routes updated to support/test Key Vault and new flows
application/single_app/functions_* New Key Vault helpers; global/personal actions/agents updated to use KV; settings defaults added
application/single_app/requirements.txt Adds azure-keyvault-secrets
.github/* Workflow and repo instruction updates
Comments suppressed due to low confidence (1)

application/single_app/functions_keyvault.py:1

  • logging.warn is deprecated; use logging.warning instead.
# functions_keyvault.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Bionic711 @nadoylemsft