Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
arlindTrystar
Advocate I
Advocate I

Fabric notebook connection to API that requires mTLS authentication

‎03-25-2025 04:48 AM

I need to connect to an API that requires mTLS authentication. I have stored the certificate in Azure Key Vault, and I can retrieve it this way:

certificate = mssparkutils.credentials.getSecret('https://<name>.vault.azure.net/', 'certification-name')

 

So, when I perform a GET request like this: 

requests.get('https://api.endpoint.com/example', headers=headers, cert=cert)

 

I get this error: 

OSError: Could not find the TLS certificate file, invalid path: [REDACTED]

 

How can I solve this?  

 

The problem is that this certificate value is redacted: https://learn.microsoft.com/en-us/fabric/data-engineering/author-execute-notebook#secret-redaction

Labels:
Message 1 of 3
624 Views
0
1 ACCEPTED SOLUTION
spencer_sa
Super User
Super User

‎03-25-2025 07:16 AM

Theoretically a Key Vault secret is only [Redacted] if you try to print() it*.  You should be able to use it 'as is'.
How are you getting from certificate to cert?  Is cert an actual path in your output?  Can you print the path?

 

From the link below, the cert parameter appears to need to be a tuple of the certificate path and the key path.
python requests library mtls

If you're storing the cert / key in the key vault you may need to write these to a temporary file location for the requests to pick them up?  (I've not seen methods of just adding the cert to a loaded string)

* I'm not going to speculate about any bypass methods.

View solution in original post

Message 2 of 3
576 Views
0
2 REPLIES 2
arlindTrystar
Advocate I
Advocate I

‎03-25-2025 08:00 AM

Thank you for your response. Yes, for now it looks like the only option is to write the certificate content to a temporary file location and then pass that file location to the requests library.

However, now the client_secret and client_id that I get from azure key vault are 'REDACTED' and when I pass them to the requests library, it does not work. This is what I'm researching for now. 

But yes, for anyone interested, you should write the certificate to a temporary file and then pass it to requests library. Something like this:

with tempfile.NamedTemporaryFile(delete=False) as cert_file:
            cert_file.write(certificate.encode())
            cert_file.flush()
            cert_path = cert_file.name

where 'certificate' is the certificate content, and the cert_file is the temporary file path, and then you pass cert_file to requests library

Message 3 of 3
570 Views
spencer_sa
Super User
Super User

‎03-25-2025 07:16 AM

Theoretically a Key Vault secret is only [Redacted] if you try to print() it*.  You should be able to use it 'as is'.
How are you getting from certificate to cert?  Is cert an actual path in your output?  Can you print the path?

 

From the link below, the cert parameter appears to need to be a tuple of the certificate path and the key path.
python requests library mtls

If you're storing the cert / key in the key vault you may need to write these to a temporary file location for the requests to pick them up?  (I've not seen methods of just adding the cert to a loaded string)

* I'm not going to speculate about any bypass methods.

Message 2 of 3
577 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

September Fabric Update Carousel

Fabric Monthly Update - September 2025

Check out the September 2025 Fabric update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All