microsoft · Priyanka-Microsoft · Jul 30, 2025 · Jul 30, 2025 · Jul 30, 2025 · Jul 30, 2025
@@ -1,6 +1,7 @@
 using Azure.Identity;
 using Microsoft.Extensions.Azure;
 using Microsoft.GS.DPSHost.AppConfiguration;
+using Microsoft.GS.DPSHost.Helpers;
 
 namespace Microsoft.GS.DPSHost.AppConfiguration
 {
@@ -11,12 +12,13 @@ public static void Config(IHostApplicationBuilder builder)
             //Read ServiceConfiguration files - appsettings.json / appsettings.Development.json
             //builder.Configuration.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
             //builder.Configuration.AddJsonFile($"appsettings.{builder.Environment.EnvironmentName}.json", optional: true, reloadOnChange: true);
-
+            var servicesConfig = builder.Configuration.GetSection("Application:Services").Get<Services>();
+            string appEnv = servicesConfig?.APP_ENV;
 
             //Read AppConfiguration with managed Identity
             builder.Configuration.AddAzureAppConfiguration(options =>
             {
-                options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), new DefaultAzureCredential());
+                options.Connect(new Uri(builder.Configuration["ConnectionStrings:AppConfig"]), AzureCredentialHelper.GetAzureCredential(appEnv));
             });
 
             //Read ServiceConfiguration

@@ -6,6 +6,7 @@ public class Services
         public KernelMemoryConfig KernelMemory { get; set; }
         public PersistentStorageConfig PersistentStorage { get; set; }
         public AzureAISearchConfig AzureAISearch { get; set; }
+        public string APP_ENV { get; set; }
 
         public class AzureAISearchConfig
         {

@@ -0,0 +1,32 @@
+using System;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+
+namespace Microsoft.GS.DPSHost.Helpers
+{
+    public static class AzureCredentialHelper
+    {
+        public static TokenCredential GetAzureCredential(string appEnv = "prod", string clientId = null)
+        {
+            //var env = Environment.GetEnvironmentVariable("APP_ENV") ?? "prod";
+            Console.WriteLine($"Current APP_ENV: {appEnv}");
+
+            if (string.Equals(appEnv, "dev", StringComparison.OrdinalIgnoreCase))
+            {
+                return new DefaultAzureCredential(); // For local development
+            }
+            else
+            {
+                return clientId != null
+                    ? new ManagedIdentityCredential(clientId)
+                    : new ManagedIdentityCredential();
+            }
+        }
+
+        public static Task<TokenCredential> GetAzureCredentialAsync(string appEnv = "prod", string clientId = null)
+        {
+            return Task.FromResult(GetAzureCredential(appEnv, clientId));
+        }
+    }
+}
@@ -28,15 +28,16 @@
       }
     },
     "Services": {
-      "CognitiveService": {
-        "DocumentIntelligence": {
-          "Endpoint": "",
-          "APIKey": ""
-        }
-      },
-      "KernelMemory": {
-        "Endpoint": ""
-      }
+        "CognitiveService": {
+            "DocumentIntelligence": {
+                "Endpoint": "",
+                "APIKey": ""
+            }
+        },
+        "KernelMemory": {
+            "Endpoint": ""
+        },
+        "APP_ENV": "prod"
     }
   }
 }
@@ -7,7 +7,7 @@
     <PackageVersion Include="AWSSDK.S3" Version="3.7.310.4" />
     <PackageVersion Include="Azure.AI.DocumentIntelligence" Version="1.0.0" />
     <PackageVersion Include="Azure.AI.FormRecognizer" Version="4.1.0" />
-    <PackageVersion Include="Azure.Core" Version="1.42.0" />
+    <PackageVersion Include="Azure.Core" Version="1.47.1" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.3.1" />
     <PackageVersion Include="Azure.Identity" Version="1.12.0" />
     <PackageVersion Include="Azure.Search.Documents" Version="11.5.1" />

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Azure.Core" />
+    <PackageReference Include="Azure.Identity" />
+  </ItemGroup>
+
+</Project>
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft. All rights reserved.
+using System;
+using System.Reflection.PortableExecutable;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+namespace Helpers;
+
+public class azure_credential_utils
+{
+    public static TokenCredential GetAzureCredential(string appEnv = "prod", string clientId = null)
+    {
+        //var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
+
+        if (string.Equals(appEnv, "dev", StringComparison.OrdinalIgnoreCase))
+        {
+            return new DefaultAzureCredential(); // For local development
+        }
+        else
+        {
+            return clientId != null
+                ? new ManagedIdentityCredential(clientId)
+                : new ManagedIdentityCredential();
+        }
+    }
+
+    public static Task<TokenCredential> GetAzureCredentialAsync(string appEnv = "prod", string clientId = null)
+    {
+        return Task.FromResult(GetAzureCredential(appEnv, clientId));
+    }
+}
@@ -8,10 +8,6 @@
         <NoWarn>$(NoWarn);KMEXP02;CA1724;CA1308;</NoWarn>
     </PropertyGroup>
 
-    <ItemGroup>
-        <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
-    </ItemGroup>
-
     <ItemGroup>
         <PackageReference Include="Azure.Identity" />
         <PackageReference Include="Azure.AI.FormRecognizer" />
@@ -30,4 +26,9 @@
         <None Include="README.md" Link="README.md" Pack="true" PackagePath="." Visible="false" />
     </ItemGroup>
 
+    <ItemGroup>
+      <ProjectReference Include="..\..\Helpers\Helpers.csproj" />
+      <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
+    </ItemGroup>
+
 </Project>
@@ -23,6 +23,8 @@ public enum AuthTypes
 
     public string APIKey { get; set; } = string.Empty;
 
+    public string APP_ENV { get; set; } = "prod";
+
     /// <summary>
     /// Verify that the current state is valid.
     /// </summary>

@@ -8,8 +8,11 @@
 using Azure;
 using Azure.AI.FormRecognizer.DocumentAnalysis;
 using Azure.Identity;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.Diagnostics;
+using Microsoft.KernelMemory.Configuration;
+
 
 namespace Microsoft.KernelMemory.DataFormats.AzureAIDocIntel;
 
@@ -36,7 +39,7 @@ public AzureAIDocIntelEngine(
         switch (config.Auth)
         {
             case AzureAIDocIntelConfig.AuthTypes.AzureIdentity:
-                this._recognizerClient = new DocumentAnalysisClient(new Uri(config.Endpoint), new DefaultAzureCredential());
+                this._recognizerClient = new DocumentAnalysisClient(new Uri(config.Endpoint), azure_credential_utils.GetAzureCredential(config.APP_ENV));
                 break;
 
             case AzureAIDocIntelConfig.AuthTypes.APIKey:

@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <ProjectReference Include="..\..\..\Helpers\Helpers.csproj" />
         <ProjectReference Include="..\..\..\service\Abstractions\Abstractions.csproj" />
     </ItemGroup>
 

@@ -25,6 +25,8 @@ public enum AuthTypes
     public string Endpoint { get; set; } = string.Empty;
     public string APIKey { get; set; } = string.Empty;
 
+    public string APP_ENV { get; set; } = "prod";
+
     /// <summary>
     /// Important: when using hybrid search, relevance scores
     /// are very different (e.g. lower) from when using just vector search.

@@ -14,6 +14,7 @@
 using Azure.Search.Documents.Indexes;
 using Azure.Search.Documents.Indexes.Models;
 using Azure.Search.Documents.Models;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.AI;
 using Microsoft.KernelMemory.Diagnostics;
@@ -66,7 +67,7 @@ public AzureAISearchMemory(
             case AzureAISearchConfig.AuthTypes.AzureIdentity:
                 this._adminClient = new SearchIndexClient(
                     new Uri(config.Endpoint),
-                    new DefaultAzureCredential(),
+                    azure_credential_utils.GetAzureCredential(config.APP_ENV),
                     GetClientOptions());
                 break;
 

@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <ProjectReference Include="..\..\Helpers\Helpers.csproj" />
         <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
     </ItemGroup>
 

@@ -35,6 +35,8 @@ public enum AuthTypes
     public string EndpointSuffix { get; set; } = "core.windows.net";
     public string Container { get; set; } = "";
 
+    public string APP_ENV { get; set; } = "prod";
+
     public void SetCredential(StorageSharedKeyCredential credential)
     {
         this.Auth = AuthTypes.ManualStorageSharedKeyCredential;

@@ -11,6 +11,7 @@
 using Azure.Storage.Blobs;
 using Azure.Storage.Blobs.Models;
 using Azure.Storage.Blobs.Specialized;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.Diagnostics;
 using Microsoft.KernelMemory.Pipeline;
@@ -61,7 +62,7 @@ public AzureBlobsStorage(
             {
                 this.ValidateAccountName(config.Account);
                 var suffix = this.ValidateEndpointSuffix(config.EndpointSuffix);
-                client = new BlobServiceClient(new Uri($"https://{config.Account}.blob.{suffix}"), new DefaultAzureCredential());
+                client = new BlobServiceClient(new Uri($"https://{config.Account}.blob.{suffix}"), azure_credential_utils.GetAzureCredential(config.APP_ENV));
                 break;
             }
 

@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <ProjectReference Include="..\..\Helpers\Helpers.csproj" />
         <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
         <ProjectReference Include="..\OpenAI\OpenAI\OpenAI.csproj" />
     </ItemGroup>

@@ -52,6 +52,8 @@ public enum APITypes
     /// </summary>
     public string Endpoint { get; set; } = string.Empty;
 
+    public string APP_ENV { get; set; } = "prod";
+
     /// <summary>
     /// Azure OpenAI deployment name
     /// </summary>

@@ -8,6 +8,7 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Azure.Identity;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.AI.OpenAI;
 using Microsoft.KernelMemory.Diagnostics;
@@ -52,7 +53,7 @@ public AzureOpenAITextEmbeddingGenerator(
                 this._client = new AzureOpenAITextEmbeddingGenerationService(
                     deploymentName: config.Deployment,
                     endpoint: config.Endpoint,
-                    credential: new DefaultAzureCredential(),
+                    credential: azure_credential_utils.GetAzureCredential(config.APP_ENV),
                     modelId: config.Deployment,
                     httpClient: httpClient,
                     dimensions: config.EmbeddingDimensions,

@@ -11,6 +11,7 @@
 using Azure.AI.OpenAI;
 using Azure.Core.Pipeline;
 using Azure.Identity;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.AI.AzureOpenAI.Internals;
 using Microsoft.KernelMemory.AI.OpenAI;
@@ -77,7 +78,7 @@ public AzureOpenAITextGenerator(
         switch (config.Auth)
         {
             case AzureOpenAIConfig.AuthTypes.AzureIdentity:
-                this._client = new OpenAIClient(new Uri(config.Endpoint), new DefaultAzureCredential(), options);
+                this._client = new OpenAIClient(new Uri(config.Endpoint), azure_credential_utils.GetAzureCredential(config.APP_ENV), options);
                 break;
 
             case AzureOpenAIConfig.AuthTypes.ManualTokenCredential:

@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <ProjectReference Include="..\..\Helpers\Helpers.csproj" />
         <ProjectReference Include="..\..\service\Abstractions\Abstractions.csproj" />
     </ItemGroup>
 

@@ -37,6 +37,8 @@ public enum AuthTypes
     public string AccountKey { get; set; } = "";
     public string EndpointSuffix { get; set; } = "core.windows.net";
 
+    public string APP_ENV { get; set; } = "prod";
+
     /// <summary>
     /// How often to check if there are new messages.
     /// </summary>

@@ -11,6 +11,7 @@
 using Azure.Storage;
 using Azure.Storage.Queues;
 using Azure.Storage.Queues.Models;
+using Helpers;
 using Microsoft.Extensions.Logging;
 using Microsoft.KernelMemory.Diagnostics;
 using Microsoft.KernelMemory.DocumentStorage;
@@ -94,7 +95,7 @@ public AzureQueuesPipeline(
             {
                 this.ValidateAccountName(config.Account);
                 var suffix = this.ValidateEndpointSuffix(config.EndpointSuffix);
-                this._clientBuilder = queueName => new QueueClient(new($"https://{config.Account}.queue.{suffix}/{queueName}"), new DefaultAzureCredential());
+                this._clientBuilder = queueName => new QueueClient(new($"https://{config.Account}.queue.{suffix}/{queueName}"), azure_credential_utils.GetAzureCredential(config.APP_ENV));
                 break;
             }
 

@@ -172,6 +172,10 @@ resource kmService 'Microsoft.App/containerApps@2023-05-01' = {
               name: 'KernelMemory__Services__AzureAIDocIntel__Endpoint'
               value: AzureAIDocIntel_Endpoint
             }
+            {
+              name: 'APP_ENV'
+              value: 'prod'
+            }
           ]
         }
       ]

@@ -162,6 +162,8 @@ public string ContentStorageType
     /// </summary>
     public string DefaultIndexName { get; set; } = "default";
 
+    public string APP_ENV { get; set; } = "prod";
+
     /// <summary>
     /// HTTP service authorization settings.
     /// </summary>