Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
coolie
Frequent Visitor

Accessing Azure KeyVault secret for Fabric CopyData Action

‎02-20-2024 12:24 AM

This post Microsoft Fabric connect to Azure Key Vault  descibes how to get a secret from Azure KeyVault and this works great. But is it possible to set a variable for CopyData (REST) action without using Notebook?

Labels:
Message 1 of 13
7,482 Views
0
1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

‎02-20-2024 03:03 AM

You can use Web activity to get details from Azure Key vault

 

Settings :

NandanHegde_0-1708426784023.png

 

Connection details :

NandanHegde_1-1708426898903.png

 

where Base URL : https://<<KVName>>.vault.azure.net/secrets/<<SecretName>>?api-version=7.0

Token audience URI : https://vault.azure.net

Azuthorization : YOu can use any one like org or SP etc




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com

View solution in original post

Message 5 of 13
7,415 Views
12 REPLIES 12
NandanHegde
Super User
Super User

‎02-20-2024 03:03 AM

You can use Web activity to get details from Azure Key vault

 

Settings :

NandanHegde_0-1708426784023.png

 

Connection details :

NandanHegde_1-1708426898903.png

 

where Base URL : https://<<KVName>>.vault.azure.net/secrets/<<SecretName>>?api-version=7.0

Token audience URI : https://vault.azure.net

Azuthorization : YOu can use any one like org or SP etc




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 5 of 13
7,416 Views
gbelzileartm
New Member
In response to NandanHegde

‎05-29-2024 08:36 AM

Problem I see here is  you still need to keep a secret in your pipeline. Is there a way to access the keyvault using Managed Identity?

Message 13 of 13
6,179 Views
0
Osama_Anwar
New Member
In response to NandanHegde

‎02-20-2024 08:16 PM

I'm attempting the same thing, but I'm getting the error below; I'm using Organization authentication.

I'm wondering if it's possible to construct a pipeline activity similar to the one we use in Synapse in Fabric by testing it while I'm on trial capacity.

 

Error

Operation on target Web1 failed: {"error":{"code":"BadParameter","message":"The specified version (7.0/https://<<xyz>>.vault.azure.net/secrets/test-key-vault-secret?api-version=7.0) is not recognized. Consider using the latest supported version (7.5)."}}

Message 12 of 13
7,367 Views
0
coolie
Frequent Visitor
In response to NandanHegde

‎02-20-2024 04:26 AM

Thanks that looks promising. Where do I get TenantID, client ID and principal Key from?

Message 6 of 13
7,402 Views
0
NandanHegde
Super User
Super User
In response to coolie

‎02-20-2024 04:33 AM

You would need to create a Service principal.

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal

 

but you can also use your org account and org authentication




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 7 of 13
7,399 Views
coolie
Frequent Visitor
In response to NandanHegde

‎02-20-2024 08:06 AM

Great that worked with org thanks. However the source of the CopyData does not seem to be picking up the secret using: activity('AKV').output

Message 8 of 13
7,389 Views
0
NandanHegde
Super User
Super User
In response to coolie

‎02-20-2024 08:20 AM

Hey,

The Service principal key is the client secret and plz follow the below steps:

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#opti...

 

And you need to grant the App/service princiapl access on the key vault to read the secrets.

 

 

 




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 9 of 13
7,386 Views
0
coolie
Frequent Visitor
In response to NandanHegde

‎02-20-2024 08:23 AM

Thanks that helps. I used org settings in the end and edited my reply, so think we overlapped. I'm trying to get the result into the CopyData action now.

Message 10 of 13
7,383 Views
0
NandanHegde
Super User
Super User
In response to coolie

‎02-20-2024 08:26 AM

Glad it helped!!!! 

Thanks for using Fabric Community.

Do send Kudo and Accept as solution for others to benefit on the solution 




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 11 of 13
7,374 Views
0
coolie
Frequent Visitor

‎02-20-2024 12:47 AM

Hi thanks for the reply. The action I am using is CopyData from web (REST) which requires a bearer token. I do not want this in plain text so have it stored in Azure KeyVault. I would like to set the source header authorization with the secret from Azure KeyVault. I am assuming this would be done via a previously set variable (as dynamic content).

Message 3 of 13
7,441 Views
0
Anonymous
Not applicable
In response to coolie

‎02-20-2024 12:56 AM

Hi @coolie ,

As I understand you are trying to copy data from rest api to lakehouse with the help of fabric pipelines.
Current challenge in your case is inorder to invoke rest api you required token ( i.e. Bearer token).

You can refer this forum conversation to get some idea -
Ingest data form a rest API with Oauth2 - Microsoft Fabric Community

Hope this helps.

Message 4 of 13
7,420 Views
0
Anonymous
Not applicable

‎02-20-2024 12:40 AM

Hi @coolie ,

Thanks for using Fabric Community.
I would like to understand what do you mean by "variable for CopyData (REST)" ?
Can you please help me in sharing these details, so I can guide you better.

If you are checking for Azure Key Vault feature in Data Factory Activities, then it will available soon.

vgchennamsft_0-1708418740848.png

 


You can refer this: What's new and planned for Data Factory in Microsoft Fabric - Microsoft Fabric | Microsoft Learn

Message 2 of 13
7,444 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All