Hello @NandanHegde I cam across this accepted solution while trying to do this exact same thing: Get a Fabric Pipeline Web activity to retrieve a secret from an Azure Key Vault. But I'm getting errors. I suspect it might be due to the fact that I don't know where to plug in the settings for

Token audience URI : https://vault.azure.net

Can you help? 

I see that in classic Azure Data Factory Web task there is a space for "Resource" and the value of "https://vault.azure.net" goes there, but I don't see either Resource or Token Audience URI in Fabric Web Task. What am I missing?

Thanks in advance.

Did I answer your question? If so, mark my post as a solution. Also consider helping someone else in the forums! Proud to be a Super User!

It is in the connection settings that you have that option

I found it. And to clarify for potential future readers, as of this writing, that property is ONLY available in the NEW CONNECTION dialog box:

It is NOT available in the Edit Connection dialog box:

Commentary: Horrible user interface to use two different diagol boxes to set properties for a connection.

I have submitted an Idea to have this fixed here: Expose the Token Audience URI property for when ED... - Microsoft Fabric Community

If you are getting this far reading this thread, please go vote on the it.

Thanks.

Did I answer your question? If so, mark my post as a solution. Also consider helping someone else in the forums! Proud to be a Super User!

Addendum:

After recreating my connection to include the Token Audience Uri property, Fabric simply takes that information and adds it as a Header:

Did I answer your question? If so, mark my post as a solution. Also consider helping someone else in the forums! Proud to be a Super User!

Problem I see here is  you still need to keep a secret in your pipeline. Is there a way to access the keyvault using Managed Identity?

I'm attempting the same thing, but I'm getting the error below; I'm using Organization authentication.

I'm wondering if it's possible to construct a pipeline activity similar to the one we use in Synapse in Fabric by testing it while I'm on trial capacity.

Error

Operation on target Web1 failed: {"error":{"code":"BadParameter","message":"The specified version (7.0/https://<<xyz>>.vault.azure.net/secrets/test-key-vault-secret?api-version=7.0) is not recognized. Consider using the latest supported version (7.5)."}}

Thanks that looks promising. Where do I get TenantID, client ID and principal Key from?

You would need to create a Service principal.

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal

but you can also use your org account and org authentication

Great that worked with org thanks. However the source of the CopyData does not seem to be picking up the secret using: activity('AKV').output

Hey,

The Service principal key is the client secret and plz follow the below steps:

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#opti...

And you need to grant the App/service princiapl access on the key vault to read the secrets.

Thanks that helps. I used org settings in the end and edited my reply, so think we overlapped. I'm trying to get the result into the CopyData action now.

Glad it helped!!!! 

Thanks for using Fabric Community.

Do send Kudo and Accept as solution for others to benefit on the solution