easyPlan and manage an Azure AI solution
A team deploys a Python API in Azure Container Apps that calls a model deployment in a Microsoft Foundry project. Security policy requires keyless authentication - no API keys may be stored anywhere, including app settings, container images, source code, or a secret store such as Key Vault. Which authentication approach should the team use?
Use DefaultAzureCredential with the container app's managed identity and grant the identity the least required role on the Foundry resource.
Store the Foundry API key in Azure Key Vault and have the app read it at startup.
Save the Foundry API key as a protected variable in the CI/CD pipeline and inject it during deployment.
Use the public endpoint with IP restrictions and pass the key in an HTTP header.