https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624329#M8195 <P>Theoretically a Key Vault secret is only [Redacted] if you try to print() it*.&nbsp; You should be able to use it 'as is'.<BR />How are you getting from certificate to cert?&nbsp; Is cert an actual path in your output?&nbsp; Can you print the path?</P> <P>&nbsp;</P> <P>From the link below, the cert parameter appears to need to be a tuple of the certificate path and the key path.<BR /><A href="https://www.pythonrequests.com/python-requests-library-mtls/#:~:text=How%20to%20use%20Python%20Requests%20library%20for%20mTLS,the%20requests.request%28%29%20method.%20Here%27s%20an%20example%3A%20print%20%28response.content%29" target="_blank">python requests library mtls</A><BR /><BR />If you're storing the cert / key in the key vault you may need to write these to a temporary file location for the requests to pick them up?&nbsp; (I've not seen methods of just adding the cert to a loaded string)<BR /><BR />* I'm not going to speculate about any bypass methods.</P> Tue, 25 Mar 2025 14:16:36 GMT spencer_sa 2025-03-25T14:16:36Z https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624063#M8193 <P>I need to connect to an API that requires mTLS authentication. I have stored the certificate in Azure Key Vault, and I can retrieve it this way:</P><LI-CODE lang="python">certificate = mssparkutils.credentials.getSecret('https://&lt;name&gt;.vault.azure.net/', 'certification-name')</LI-CODE><P>&nbsp;</P><P>So, when I perform a GET request like this:&nbsp;</P><LI-CODE lang="python">requests.get('https://api.endpoint.com/example', headers=headers, cert=cert)</LI-CODE><P>&nbsp;</P><P>I get this error:&nbsp;</P><LI-CODE lang="python">OSError: Could not find the TLS certificate file, invalid path: [REDACTED]</LI-CODE><P>&nbsp;</P><P>How can I solve this?&nbsp;&nbsp;</P><P>&nbsp;</P><P>The problem is that this certificate value is redacted:&nbsp;<A href="https://learn.microsoft.com/en-us/fabric/data-engineering/author-execute-notebook#secret-redaction" target="_blank">https://learn.microsoft.com/en-us/fabric/data-engineering/author-execute-notebook#secret-redaction</A></P> Tue, 25 Mar 2025 11:48:13 GMT https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624063#M8193 arlindTrystar 2025-03-25T11:48:13Z https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624329#M8195 <P>Theoretically a Key Vault secret is only [Redacted] if you try to print() it*.&nbsp; You should be able to use it 'as is'.<BR />How are you getting from certificate to cert?&nbsp; Is cert an actual path in your output?&nbsp; Can you print the path?</P> <P>&nbsp;</P> <P>From the link below, the cert parameter appears to need to be a tuple of the certificate path and the key path.<BR /><A href="https://www.pythonrequests.com/python-requests-library-mtls/#:~:text=How%20to%20use%20Python%20Requests%20library%20for%20mTLS,the%20requests.request%28%29%20method.%20Here%27s%20an%20example%3A%20print%20%28response.content%29" target="_blank">python requests library mtls</A><BR /><BR />If you're storing the cert / key in the key vault you may need to write these to a temporary file location for the requests to pick them up?&nbsp; (I've not seen methods of just adding the cert to a loaded string)<BR /><BR />* I'm not going to speculate about any bypass methods.</P> Tue, 25 Mar 2025 14:16:36 GMT https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624329#M8195 spencer_sa 2025-03-25T14:16:36Z https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624381#M8196 <P>Thank you for your response. Yes, for now it looks like the only option is to write the certificate content to a temporary file location and then pass that file location to the requests library.</P><P>However, now the client_secret and client_id that I get from azure key vault are 'REDACTED' and when I pass them to the requests library, it does not work. This is what I'm researching for now.&nbsp;</P><P>But yes, for anyone interested, you should write the certificate to a temporary file and then pass it to requests library. Something like this:</P><LI-CODE lang="python">with tempfile.NamedTemporaryFile(delete=False) as cert_file: cert_file.write(certificate.encode()) cert_file.flush() cert_path = cert_file.name</LI-CODE><P>where 'certificate' is the certificate content, and the cert_file is the temporary file path, and then you pass cert_file to requests library</P> Tue, 25 Mar 2025 15:00:28 GMT https://community.fabric.microsoft.com/t5/Data-Engineering/Fabric-notebook-connection-to-API-that-requires-mTLS/m-p/4624381#M8196 arlindTrystar 2025-03-25T15:00:28Z