Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now

Reply
coolie
Frequent Visitor

Accessing Azure KeyVault secret for Fabric CopyData Action

This post Microsoft Fabric connect to Azure Key Vault  descibes how to get a secret from Azure KeyVault and this works great. But is it possible to set a variable for CopyData (REST) action without using Notebook?

1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

You can use Web activity to get details from Azure Key vault

 

Settings :

NandanHegde_0-1708426784023.png

 

Connection details :

NandanHegde_1-1708426898903.png

 

where Base URL : https://<<KVName>>.vault.azure.net/secrets/<<SecretName>>?api-version=7.0

Token audience URI : https://vault.azure.net

Azuthorization : YOu can use any one like org or SP etc

View solution in original post

12 REPLIES 12
NandanHegde
Super User
Super User

You can use Web activity to get details from Azure Key vault

 

Settings :

NandanHegde_0-1708426784023.png

 

Connection details :

NandanHegde_1-1708426898903.png

 

where Base URL : https://<<KVName>>.vault.azure.net/secrets/<<SecretName>>?api-version=7.0

Token audience URI : https://vault.azure.net

Azuthorization : YOu can use any one like org or SP etc

Problem I see here is  you still need to keep a secret in your pipeline. Is there a way to access the keyvault using Managed Identity?

I'm attempting the same thing, but I'm getting the error below; I'm using Organization authentication.

I'm wondering if it's possible to construct a pipeline activity similar to the one we use in Synapse in Fabric by testing it while I'm on trial capacity.

 

Error

Operation on target Web1 failed: {"error":{"code":"BadParameter","message":"The specified version (7.0/https://<<xyz>>.vault.azure.net/secrets/test-key-vault-secret?api-version=7.0) is not recognized. Consider using the latest supported version (7.5)."}}

Thanks that looks promising. Where do I get TenantID, client ID and principal Key from?

You would need to create a Service principal.

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal

 

but you can also use your org account and org authentication

Great that worked with org thanks. However the source of the CopyData does not seem to be picking up the secret using: activity('AKV').output

Hey,

The Service principal key is the client secret and plz follow the below steps:

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#opti...

 

And you need to grant the App/service princiapl access on the key vault to read the secrets.

 

 

 

Thanks that helps. I used org settings in the end and edited my reply, so think we overlapped. I'm trying to get the result into the CopyData action now.

Glad it helped!!!! 

Thanks for using Fabric Community.

Do send Kudo and Accept as solution for others to benefit on the solution 

coolie
Frequent Visitor

Hi thanks for the reply. The action I am using is CopyData from web (REST) which requires a bearer token. I do not want this in plain text so have it stored in Azure KeyVault. I would like to set the source header authorization with the secret from Azure KeyVault. I am assuming this would be done via a previously set variable (as dynamic content).

Anonymous
Not applicable

Hi @coolie ,

As I understand you are trying to copy data from rest api to lakehouse with the help of fabric pipelines.
Current challenge in your case is inorder to invoke rest api you required token ( i.e. Bearer token).

You can refer this forum conversation to get some idea -
Ingest data form a rest API with Oauth2 - Microsoft Fabric Community

Hope this helps.

Anonymous
Not applicable

Hi @coolie ,

Thanks for using Fabric Community.
I would like to understand what do you mean by "variable for CopyData (REST)" ?
Can you please help me in sharing these details, so I can guide you better.

If you are checking for Azure Key Vault feature in Data Factory Activities, then it will available soon.

vgchennamsft_0-1708418740848.png

 


You can refer this: What's new and planned for Data Factory in Microsoft Fabric - Microsoft Fabric | Microsoft Learn

Helpful resources

Announcements
Oct Fabric Update Carousel

Fabric Monthly Update - October 2024

Check out the October 2024 Fabric update to learn about new features.

October NL Carousel

Fabric Community Update - October 2024

Find out what's new and trending in the Fabric Community.