Vasantha Silvary on 26 May 2023 01:17:06
if we get an option to connect to Azure KeyVault in Microsoft Fabric in Synapse data engineering through linked Service , We can retrieve values from keyvault which are sensitive in Nature.
Administrator
This ask is under internal review. Stay tuned for updates.
- Comments (11)
RE: Providing Azure Key Vault Access in Microsoft Fabric
Great would be a Fabric "stand alone" secret store on workspace level:secret names have to be identical in release pipeline coupled workspaces (dev-test-prod-...), the deployment should replace the store references only on deploymenta mirror of a Azure Key Vault stores (like databricks does it) into a Fabric secret store would be nice
RE: Providing Azure Key Vault Access in Microsoft Fabric
This should be made available for sure. Otherwise it is pretty clunky to get an environment up and running that is always encrypted. Accessing KeyVault via App-Token isn't the most beautyful solution you could imagine.
RE: Providing Azure Key Vault Access in Microsoft Fabric
Don't know it is not available till now. Please make it available ASAP as Admin is not sharing the credentials without Azure KeyVault.
RE: Providing Azure Key Vault Access in Microsoft Fabric
A Fabric Key Vault implementation would be ideal. At a minimum, whether a key is secured in Azure or Fabric I would like the ability to use stored keys to sign, encode, etc from a notebook using APIs instead of extracting secrets.
RE: Providing Azure Key Vault Access in Microsoft Fabric
Yes we would like this for pipelines. Currently in synapse we use key vault to store all of our connection credentials to linked services. If we were to transition to Fabric this would be required.
RE: Providing Azure Key Vault Access in Microsoft Fabric
How is this just "Under Review" ... hopefully my comment makes no sense to future readers in the very near future! :)
RE: Providing Azure Key Vault Access in Microsoft Fabric
For now, If you're trying to use AKV from PySpark Notebook, You can use the below code to access the secrets in akv and it works without any additional authenticationfrom trident_token_library_wrapper import PyTridentTokenLibrary as tlkey_vault_access_token = notebookutils.mssparkutils.credentials.getToken("keyvault")key_value = tl.get_secret_with_token("https://{key_vault_name_here}.vault.azure.net/","{secret_key_name_here}",key_vault_access_token)print(key_value)
RE: Providing Azure Key Vault Access in Microsoft Fabric
Great idea.for example, if we have a particular web service we would like to call as part of the workflow, e.g. geocoding service, we would need to store the token somewhere , retrieve it at runtime during pipeline run.
RE: Providing Azure Key Vault Access in Microsoft Fabric
Thank you for sharing this idea! I had a follow up question I wanted to ask to those who voted for this idea. Could you share more information on the following:Which services would you like to access Azure Key Vault from? (Notebooks, pipelines, dataflows etc. anything else)?Is the priority for us to support Azure Key Vault or a secrets store natively inside Fabric?Is the requirement to get access to the secrets themselves (e.g. retrieve a connection string in order to parametrize a pipeline) or to be able to connect to an underlying data source (e.g. connect to Azure SQL using the stored credentials)?Thanks,Justyna
RE: Providing Azure Key Vault Access in Microsoft Fabric
Based on the SaaS nature of Fabric, I could expect it to have at least a basic management of secrets within the tool itself for those customers that don't have existing key vault storage. Not being able to securely manage an REST API key out of the box means that almost everyone who wants to use fabric will need a key vault