Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
AdarshPanasri
Helper I
Helper I

Access Key-vault in notebooks

‎08-06-2024 06:37 AM

Hello Everyone, I have few secrets in my Key vault and want to access those in fabric notebook. I dont want users to have access to key vault. I can create SPN and use that to access the vault but for that I would need to authenticate using the credentials.

 

I am aware I can use the below utility but how does the authentication work in backend, do we need to provide some level of permissions on KV ?

 

mssparkutils.credentials.getSecret('https://<name>.vault.azure.net/', 'secret name')

 

Labels:
Message 1 of 8
1,816 Views
1 ACCEPTED SOLUTION
AndyDDC
Most Valuable Professional
Most Valuable Professional

‎08-06-2024 11:32 AM

Hi @AdarshPanasri @can you try this blog and see if it fits your scenario? https://www.syntera.ch/blog/2023/10/18/how-to-access-azure-key-vault-secrets-from-fabric-notebook/

View solution in original post

Message 2 of 8
1,791 Views
7 REPLIES 7
PanuO
Frequent Visitor

‎11-14-2024 12:19 AM

So summary of this: You cannot currently use Workspace Identity to grant access into Azure Key Vault. Well you can, but nothing supports it. You cannot run Notebook with Workspace Identity. Hope this feature would come quickly as this would improve the security of Notebooks.

Message 8 of 8
645 Views
v-shex-msft
Community Support
Community Support

‎08-13-2024 12:05 AM

Hi @AdarshPanasri ,

Any update on this? Did the above suggestions help with your scenario? if that is the case, you can consider Kudo or Accept the helpful suggestions to help others who faced similar requirements.

If these also don't help, please share more detailed information and description to help us clarify your scenario to test.

How to Get Your Question Answered Quickly 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Message 7 of 8
1,650 Views
0
APG
Frequent Visitor

‎08-07-2024 07:28 AM

As an alternative to SPNs you can use Workspace Identity to authenticate. You will need to provide some permissions on the key vault to the workspace identity, for example:

  • the "Key Vault Secrets User" role if your key vault is configured to use RBAC
  • or an access policy with get/list permissions on secrets if your key vault is configured to use access policies

If you don't want to use workspace identities you could also authenticate with the user that created the notebooks; of course you still need to grant roles/access policies to that user in the key vault

Message 4 of 8
1,762 Views
0
frithjof_v
Community Champion
Community Champion
In response to APG

‎08-07-2024 11:41 AM

Very interesting! That is really exciting. Have you tested it? I thought workspace identity was only for authenticating to ADLS at the moment, ref. the docs you linked to:

 

"Fabric workspaces with a workspace identity can securely read or write to firewall-enabled Azure Data Lake Storage Gen2 accounts through trusted workspace access for OneLake shortcuts. In the future, Fabric items will be able to use the identity when connecting to resources that support Microsoft Entra authentication."

 

Thanks.

Message 5 of 8
1,751 Views
0
mrtnhd
Frequent Visitor
In response to frithjof_v

‎08-15-2024 08:03 PM

I am also interested in this. Would it be possible to provide some example code of how I use the workspace identity to access an Azure key vault in a Fabric notebook?

Message 6 of 8
1,614 Views
0
AndyDDC
Most Valuable Professional
Most Valuable Professional

‎08-06-2024 11:32 AM

Hi @AdarshPanasri @can you try this blog and see if it fits your scenario? https://www.syntera.ch/blog/2023/10/18/how-to-access-azure-key-vault-secrets-from-fabric-notebook/

Message 2 of 8
1,792 Views
umeshr
Microsoft Employee
Microsoft Employee
In response to AndyDDC

‎12-13-2024 04:27 AM

This is great stuff to use key vault using individua's id to connect to key vault.

Still awaiting for solution to connect to key vault using Fabric's workspace identity.

Please let us know in case there is any solution available.

Message 3 of 8
182 Views

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All