Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Power BI is turning 10! Let’s celebrate together with dataviz contests, interactive sessions, and giveaways. Register now.

Reply
Anonymous
Not applicable

Encrypt Client Credentials for API data connector

‎12-14-2020 03:37 AM

Hi, 

 

I was wondering if there is a way to encrypt values in Power BI? Store them as secrets? For example in databricks you have secret scopes, which holds the values for something as variable you can use within your code? 

 

I have a data connector that i've defined in the advanced editor of Power Query - that requires the use of client crednetials to call the API to retrieve a Bearer Token. I currently have to physically write the secret value in the script, which does not appear secure/encrypt or align with security practice, how should i manage this? I want to be able to encrypt what i have in replace of [clientsecret] in my file. 

 

    token_url = "https://[url]",
    url = "https://[url]",
    
    body="grant_type=client_credentials&client_id=[clientid]&client_secret=[clientsecret]",
    Source1  = Json.Document(Web.Contents(token_url,
   [ 
     Headers = [#"Content-Type"="application/x-www-form-urlencoded"],
     Content=Text.ToBinary(body)
   ]
   )
   ),
    token = Source1[access_token], 
    bodytext = Custom1,
    body2=bodytext,
    Source2 = Json.Document(Web.Contents(url, [
        Headers = [#"Authorization"="Bearer "&token, 
        #"Content-Type"="application/json"],
        Content = Text.ToBinary(body2)
    ])),

 

 

Labels:
Message 1 of 4
1,449 Views
0
3 REPLIES 3
Anonymous
Not applicable

‎12-15-2020 10:30 PM

Hi @Anonymous,

If you only mean the simple binary and text conversation with a particular encode (e.g. base64) or some calculations and replacement with specific rules, they are possible. You can integrate these types of query power functions into your connector to handle these inputted values.

If you mean the additional verifications with custom authorization or specified credentials(virtual or physical) from a local device or invoke from external web resources, I don't think they are simply to be achieved.
Even if you succeed processed on the desktop side, they may also be blocked when you test on the power bi service side. (it contains a few security to limit these operations)

Power BI Security#data-storage-security 
Regards,

Xiaoxin Sheng

Message 2 of 4
1,391 Views
0
Anonymous
Not applicable
In response to Anonymous

‎12-16-2020 03:56 AM

Hi Xiaoxin, 

 

I'm more concerned with keeping the client_secret value, a secret. So whether theres a way to store that within the pbix file in a way that someone else cannot access or see it? 

Message 3 of 4
1,377 Views
0
Anonymous
Not applicable
In response to Anonymous

‎12-16-2020 06:33 PM

Hi @Anonymous,

AFAIK, current power bi report not keeping any credentials int to pbix file.

They are stored on the power i desktop client instead of attach into pbix file, every time you publish a pbix file, you still need to fix its data credentials on service side.

In my opinion, I'd like to suggest you create/use rest api to transfer the secret values. You can add a query table to invoke and get the credentials string from that api and use in your connector. It should better than directly typing these credentials/secret string in your connector.
Regards,

Xiaoxin Sheng

Message 4 of 4
1,363 Views
0

Helpful resources

Announcements
June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All