Vasantha Silvary on 26 May 2023 01:17:06
if we get an option to connect to Azure KeyVault in Microsoft Fabric in Synapse data engineering through linked Service , We can retrieve values from keyvault which are sensitive in Nature.
Administrator
This ask is under internal review. Stay tuned for updates.
- Comments (6)
RE: Providing Azure Key Vault Access in Microsoft Fabric
How is this just "Under Review" ... hopefully my comment makes no sense to future readers in the very near future! :)
RE: Providing Azure Key Vault Access in Microsoft Fabric
For now, If you're trying to use AKV from PySpark Notebook, You can use the below code to access the secrets in akv and it works without any additional authenticationfrom trident_token_library_wrapper import PyTridentTokenLibrary as tlkey_vault_access_token = notebookutils.mssparkutils.credentials.getToken("keyvault")key_value = tl.get_secret_with_token("https://{key_vault_name_here}.vault.azure.net/","{secret_key_name_here}",key_vault_access_token)print(key_value)
RE: Providing Azure Key Vault Access in Microsoft Fabric
Great idea.for example, if we have a particular web service we would like to call as part of the workflow, e.g. geocoding service, we would need to store the token somewhere , retrieve it at runtime during pipeline run.
RE: Providing Azure Key Vault Access in Microsoft Fabric
Thank you for sharing this idea! I had a follow up question I wanted to ask to those who voted for this idea. Could you share more information on the following:Which services would you like to access Azure Key Vault from? (Notebooks, pipelines, dataflows etc. anything else)?Is the priority for us to support Azure Key Vault or a secrets store natively inside Fabric?Is the requirement to get access to the secrets themselves (e.g. retrieve a connection string in order to parametrize a pipeline) or to be able to connect to an underlying data source (e.g. connect to Azure SQL using the stored credentials)?Thanks,Justyna
RE: Providing Azure Key Vault Access in Microsoft Fabric
Based on the SaaS nature of Fabric, I could expect it to have at least a basic management of secrets within the tool itself for those customers that don't have existing key vault storage. Not being able to securely manage an REST API key out of the box means that almost everyone who wants to use fabric will need a key vault
RE: Providing Azure Key Vault Access in Microsoft Fabric
Yes, agree. 👍 We also need support for Manage Identifies in Microsoft Fabrick, both for connecting to existing Azure resources, and for allowing specific Fabric artifact to be able to connect securely to an Azure Key Vault. Manage Identifies was announces on Build on the roadmap for Microsoft Fabric, but not that many details on how it actually would work. Exact timestamp where this roadmap was discussed:Sense, analyze, and generate insights with Synapse Real-Time Analyticshttps://youtu.be/_Y-XyCRE6ec?t=3607