Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Vienna from September 15-18, 2025, for the ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM. Get registered

Reply
cstoddard
Frequent Visitor

How to store secrets/access secrets using User Data Functions

‎03-31-2025 09:49 AM

Hi,

 

I'm intersted in using the new User Data Function functionality, but I don't see any way to store secrets securly (think an API key, etc). How can I do so?

Labels:
Message 1 of 10
1,136 Views
0
1 ACCEPTED SOLUTION
v-tsaipranay
Community Support
Community Support

‎04-01-2025 11:44 PM

Hi @cstoddard 
Thank you for posting in the Microsoft Fabric Community. Also thankyou @lbendlin  for your inputs.

 

To securely store and access secrets within User Data Functions (UDFs) in Microsoft Fabric, the best approach is to integrate Azure Key Vault (AKV) with Managed Identities. This ensures that sensitive information, such as API keys, is never hardcoded in your UDFs.

First, enable Managed Identity for your Fabric workspace, then grant it the "Key Vault Secrets User" role in AKV. This allows Fabric to authenticate securely and retrieve secrets without needing to store credentials in code.

If Managed Identities are not available in your setup, an alternative is using environment variables to securely store authentication details. Avoid hardcoding secrets at all costs, as it poses security risks.

For detailed guidance on securing credentials in Microsoft Fabric, refer to Microsoft Docs on Fabric Security. This approach follows security best practices and ensures your API keys and other sensitive data remain protected.

 

If this post helps, then please give us Kudos and consider Accept it as a solution to help the other members find it more quickly.

 

Thankyou.

View solution in original post

Message 6 of 10
1,023 Views
0
9 REPLIES 9
v-tsaipranay
Community Support
Community Support

‎04-01-2025 11:44 PM

Hi @cstoddard 
Thank you for posting in the Microsoft Fabric Community. Also thankyou @lbendlin  for your inputs.

 

To securely store and access secrets within User Data Functions (UDFs) in Microsoft Fabric, the best approach is to integrate Azure Key Vault (AKV) with Managed Identities. This ensures that sensitive information, such as API keys, is never hardcoded in your UDFs.

First, enable Managed Identity for your Fabric workspace, then grant it the "Key Vault Secrets User" role in AKV. This allows Fabric to authenticate securely and retrieve secrets without needing to store credentials in code.

If Managed Identities are not available in your setup, an alternative is using environment variables to securely store authentication details. Avoid hardcoding secrets at all costs, as it poses security risks.

For detailed guidance on securing credentials in Microsoft Fabric, refer to Microsoft Docs on Fabric Security. This approach follows security best practices and ensures your API keys and other sensitive data remain protected.

 

If this post helps, then please give us Kudos and consider Accept it as a solution to help the other members find it more quickly.

 

Thankyou.

Message 6 of 10
1,024 Views
0
agarrido_fabric
Microsoft Employee
Microsoft Employee
In response to v-tsaipranay

‎06-18-2025 09:00 AM

I don't believe this works. I set up the workspace identity in my Fabric workspace and then gave it Secret Officer permissions in AKV. When trying to connect with Fabric UDFs using the Azure Key Vault SDK, it couldn't authenticate probably because UDFs do not leverage the managed identity of the workspace. I tested calling the function from a notebook and using mssparkutils to retrieve the AKV secret and pass it to the function. Even though it shows the secret as redacted in the notebook, I can't tell if the function also receives the secret redacted. I cannot see the function logs once it's executed so can't validate.   

Message 10 of 10
187 Views
0
v-tsaipranay
Community Support
Community Support
In response to v-tsaipranay

‎04-13-2025 07:26 AM

Hi @cstoddard ,

 

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

 

Thank you.

Message 9 of 10
833 Views
0
v-tsaipranay
Community Support
Community Support
In response to v-tsaipranay

‎04-09-2025 02:35 AM

Hi @cstoddard ,

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.


Thank you.

Message 8 of 10
870 Views
0
v-tsaipranay
Community Support
Community Support
In response to v-tsaipranay

‎04-06-2025 08:50 PM

Hi @cstoddard ,

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.


Thank you.

Message 7 of 10
897 Views
0
lbendlin
Super User
Super User

‎03-31-2025 10:35 AM

What kind of keyvault are you considering?  Accessing Azure Key Vault Secrets from Fabric Notebooks

Message 2 of 10
1,111 Views
0
cstoddard
Frequent Visitor
In response to lbendlin

‎03-31-2025 11:05 AM

What? This doesn't answer the question at all.

Message 3 of 10
1,101 Views
0
lbendlin
Super User
Super User
In response to cstoddard

‎03-31-2025 11:24 AM

Incorprorate calls to AKV into your UDFs.

Message 4 of 10
1,090 Views
0
cstoddard
Frequent Visitor
In response to lbendlin

‎03-31-2025 11:50 AM

I thought of this, but there is no way to keep my AKV credentials secret either. I would have to hardcode the values, unless there is an API that I'm missing.

Message 5 of 10
1,084 Views

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June FBC25 Carousel

Fabric Monthly Update - June 2025

Check out the June 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All