Keyvault for secrets #492
Pull Request Overview
Adds Azure Key Vault support for storing agent and plugin secrets, introduces dynamic UI for plugin additional settings driven by JSON Schemas, and various loader/refactor updates to support the new features.
- Key Vault helpers for storing/retrieving/deleting secrets across agents and plugins
- Dynamic plugin Additional Fields UI (schema-driven) and schema updates
- Admin UI: Security tab with Key Vault test; loader changes to resolve Key Vault references at runtime
Reviewed Changes
Copilot reviewed 48 out of 49 changed files in this pull request and generated 15 comments.
| File | Description |
|---|---|
| deployers/New-CosmosContainerDynamicRUs.ps1 | Script to migrate/update Cosmos containers to autoscale with a given max RU |
| application/single_app/templates/admin_settings.html | Adds Security tab for Key Vault settings and test button |
| application/single_app/templates/_sidebar_nav.html | Adds Security menu and updates Agents label |
| application/single_app/templates/_plugin_modal.html | Prepares inputs for dynamic auth fields and adds container for dynamic Additional Fields |
| application/single_app/static/json/schemas/* | Adds/updates plugin and additional settings schemas; base plugin schema expanded |
| application/single_app/static/js/workspace/workspace_plugins.js | Improves save flow UX and error display |
| application/single_app/static/js/validatePlugin.mjs | Updates compiled validator for expanded auth types and rules |
| application/single_app/static/js/plugin_modal_stepper.js | Major: dynamic Additional Fields UI builder/collector; auth field toggling; summary updates |
| application/single_app/static/js/agent_modal_stepper.js | Save button UX improvements |
| application/single_app/static/js/admin/admin_settings.js | Adds Key Vault connection test handler |
| application/single_app/semantic_kernel_plugins/* | New UI test plugin; queue storage plugin fix; logged loader changes |
| application/single_app/semantic_kernel_loader.py | Resolves Key Vault secrets at load time; various loader improvements |
| application/single_app/route_* | Routes updated to support/test Key Vault and new flows |
| application/single_app/functions_* | New Key Vault helpers; global/personal actions/agents updated to use KV; settings defaults added |
| application/single_app/requirements.txt | Adds azure-keyvault-secrets |
| .github/* | Workflow and repo instruction updates |
Comments suppressed due to low confidence (1)
application/single_app/functions_keyvault.py:1
- logging.warn is deprecated; use logging.warning instead.
# functions_keyvault.py
application/single_app/semantic_kernel_plugins/logged_plugin_loader.py
application/single_app/static/json/schemas/ui_test_plugin.plugin.schema.json
application/single_app/static/json/schemas/ui_test_plugin.plugin.schema.json
* Keyvault for secrets (#492)
* add crude keyvault base impl
* upd actions for MAG
* add settings to fix
* upd secret naming convention
* upd auth types to include conn string/basic(un/pw)
* fix method name
* add get agent helper
* add ui trigger word and get agent helper
* upd function imports
* upd agents call
* add desc of plugins
* fix for admin modal loading
* upd default agent handling
* rmv unneeded file
* rmv extra imp statements
* add new cosmos container script
* upd instructions for consistency of code
* adds safe calls for akv functions
* adds akv to personal agents
* fix for user agents boot issue
* fix global set
* upd azure function plugin to super init
* upd to clean imports
* add keyvault to global actions loading
* add plugin loading docs
* rmv secret leak via logging
* rmv displaying of token in logs
* fix not loading global actions for personal agents
* rmv unsupported characters from logging
* fix chat links in dark mode
* chg order of css for links in dark mode
* fix chat color
* add default plugin print logging
* rmv default check for nonsql plugins
* upd requirements
* add keyvault and dynamic addsetting ui
* fix for agents/plugins with invalid akv chars
* add imp to appins logging
* add security tab UI + key vault UI
* add keyvault settings
* fix for copilot findings.
* fix for resaving plugin without changing secret

---------

Co-authored-by: Bionic711 <[email protected]>

* Feature/remove abp for pr (#510)
* add crude keyvault base impl
* upd secret naming convention
* upd auth types to include conn string/basic(un/pw)
* add ui trigger word and get agent helper
* adds safe calls for akv functions
* add keyvault to global actions loading
* rmv secret leak via logging
* fix chat links in dark mode
* chg order of css for links in dark mode
* fix chat color
* add keyvault and dynamic addsetting ui
* fix for agents/plugins with invalid akv chars
* add security tab UI + key vault UI
* fix for resaving plugin without changing secret
* init azure billing plugin
* add app settings cache
* upd to azure billing plugin
* upd to msgraph plugin
* init community customizations
* add module
* add key vault config modal
* add logging and functions to math
* rmv extra telemetry, add appcache
* upd billing plugin
* add/upd key vault, admin settings, agents, max tokens
* Remove abp for pr
* disable static logging for development
* rmv dup import
* add note on pass
* added notes
* rmv dup decl
* add semicolon
* rmv unused variable add agent name to log
* add actions migration back in
* add notes and copilot fixes

---------

Co-authored-by: Bionic711 <[email protected]>

---------

Co-authored-by: Bionic711 <[email protected]>
Co-authored-by: Bionic711 <[email protected]>
Updates with Key Vault helpers to allow saving secrets for agents and plugins to an Azure Key Vault.
Adds a dynamic UI for additional settings and fallback JSON support.
Various other code improvements to facilitate the above two features.