Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Request now

Reply
matthias_vc
Frequent Visitor

How safe is it to store Credentials in Power Query

‎04-06-2022 09:00 AM

Hi All, 

 

My main question is this:
- If I hardcode an encoded username + password in a Power Query step and publish that to the Power BI Service. Will that information be accessible to anyone else than the people who have access to the Power Bi File itself?

 

Flavor:

I'm currently creating some live Dashboards from OPC (Oracle Primavera Cloud) in Power BI.

OPC doesn't have a custom connector, but I can get the data from the REST Endpoints by:

-> Submitting a call to a "Token Endpoint" => Asks for Encoded Username+Password and gives back a token

 

Username = Extension.CurrentCredential()[Username],
Password = Extension.CurrentCredential()[Password],
vCred = "Basic "&Binary.ToText(Text.ToBinary(Username &":"&Password), 0),
tokenUrl = "https://.../apitoken/request?scope=http://../data",
Authentication = Json.Document(Web.Contents(tokenUrl, [Headers=[#"Authorization" = vCred], Content = Text.ToBinary("")])),

 

-> Use Token in subsequent calls to get data.

 

bearerToken = "Bearer " & Authentication[accessToken],
vUrl = "https://../dataservice/runquery",
body = TasksBody,
CallAPI = Json.Document(Web.Contents(vUrl,  [
     Headers = [#"Authorization"=bearerToken,
               #"x-prime-identity-app"=Authentication[primeIdentityApp],
               #"x-prime-tenant"=Authentication[primeTenant],
               #"x-prime-tenant-code"=Authentication[primeTenantCode],
               #"Content-Type"="application/json"
               ], 
    Content=Text.ToBinary(body)
]))

 

1) I would like to use the "Basic" Authentication of Power BI to do the first step, but as the Service expects an encoded version, it doesn't really help much as I can't access it in Query. If I hard code it, I'm not sure how safe it is.

2) I made a Custom Connector that can generate the Token based on Basic Authentication. However, when I build on this It asks to specify Credentials again. (Probably as Step 1 tried to get credentials for https://XXX/Apitoken/Request it overwrote the "anonymous" credentials for https://XXX/dataservice/runquery?

Labels:
Message 1 of 2
1,576 Views
0
1 REPLY 1
AlexisOlson
Super User
Super User

‎04-06-2022 01:06 PM

If someone has access to the Power BI workspace you publish the report to, they can download the PBIX from the Service and open it up and look at the query text (assuming they have a minimum of Write access to the dataset or are a Contributor to the workspace).

 

If they don't have access to the PBIX file, then I can't think of a way to access that query text but that doesn't mean it's not possible and I generally wouldn't advise storing unencrypted credentials in a query.

Message 2 of 2
1,534 Views

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All