Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreShape the future of the Fabric Community! Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions. Take survey.
This post Microsoft Fabric connect to Azure Key Vault descibes how to get a secret from Azure KeyVault and this works great. But is it possible to set a variable for CopyData (REST) action without using Notebook?
Solved! Go to Solution.
You can use Web activity to get details from Azure Key vault
Settings :
Connection details :
where Base URL : https://<<KVName>>.vault.azure.net/secrets/<<SecretName>>?api-version=7.0
Token audience URI : https://vault.azure.net
Azuthorization : YOu can use any one like org or SP etc
You can use Web activity to get details from Azure Key vault
Settings :
Connection details :
where Base URL : https://<<KVName>>.vault.azure.net/secrets/<<SecretName>>?api-version=7.0
Token audience URI : https://vault.azure.net
Azuthorization : YOu can use any one like org or SP etc
Problem I see here is you still need to keep a secret in your pipeline. Is there a way to access the keyvault using Managed Identity?
I'm attempting the same thing, but I'm getting the error below; I'm using Organization authentication.
I'm wondering if it's possible to construct a pipeline activity similar to the one we use in Synapse in Fabric by testing it while I'm on trial capacity.
Error
Operation on target Web1 failed: {"error":{"code":"BadParameter","message":"The specified version (7.0/https://<<xyz>>.vault.azure.net/secrets/test-key-vault-secret?api-version=7.0) is not recognized. Consider using the latest supported version (7.5)."}}
Thanks that looks promising. Where do I get TenantID, client ID and principal Key from?
You would need to create a Service principal.
https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal
but you can also use your org account and org authentication
Great that worked with org thanks. However the source of the CopyData does not seem to be picking up the secret using: activity('AKV').output
Hey,
The Service principal key is the client secret and plz follow the below steps:
And you need to grant the App/service princiapl access on the key vault to read the secrets.
Thanks that helps. I used org settings in the end and edited my reply, so think we overlapped. I'm trying to get the result into the CopyData action now.
Glad it helped!!!!
Thanks for using Fabric Community.
Do send Kudo and Accept as solution for others to benefit on the solution
Hi thanks for the reply. The action I am using is CopyData from web (REST) which requires a bearer token. I do not want this in plain text so have it stored in Azure KeyVault. I would like to set the source header authorization with the secret from Azure KeyVault. I am assuming this would be done via a previously set variable (as dynamic content).
Hi @coolie ,
As I understand you are trying to copy data from rest api to lakehouse with the help of fabric pipelines.
Current challenge in your case is inorder to invoke rest api you required token ( i.e. Bearer token).
You can refer this forum conversation to get some idea -
Ingest data form a rest API with Oauth2 - Microsoft Fabric Community
Hope this helps.
Hi @coolie ,
Thanks for using Fabric Community.
I would like to understand what do you mean by "variable for CopyData (REST)" ?
Can you please help me in sharing these details, so I can guide you better.
If you are checking for Azure Key Vault feature in Data Factory Activities, then it will available soon.
You can refer this: What's new and planned for Data Factory in Microsoft Fabric - Microsoft Fabric | Microsoft Learn
Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.
Check out the November 2024 Fabric update to learn about new features.
User | Count |
---|---|
7 | |
4 | |
2 | |
2 | |
1 |