Yes, agree. 👍 We also need support for Manage Identifies in Microsoft Fabrick, both for connecting to existing Azure resources, and for allowing specific Fabric artifact to be able to connect securely to an Azure Key Vault.

Manage Identifies was announces on Build on the roadmap for Microsoft Fabric, but not that many details on how it actually would work.

Exact timestamp where this roadmap was discussed:

Sense, analyze, and generate insights with Synapse Real-Time Analytics

https://youtu.be/_Y-XyCRE6ec?t=3607

Based on the SaaS nature of Fabric, I could expect it to have at least a basic management of secrets within the tool itself for those customers that don't have existing key vault storage. Not being able to securely manage an REST API key out of the box means that almost everyone who wants to use fabric will need a key vault

Thank you for sharing this idea! I had a follow up question I wanted to ask to those who voted for this idea. Could you share more information on the following:

• Which services would you like to access Azure Key Vault from? (Notebooks, pipelines, dataflows etc. anything else)?
• Is the priority for us to support Azure Key Vault or a secrets store natively inside Fabric?
• Is the requirement to get access to the secrets themselves (e.g. retrieve a connection string in order to parametrize a pipeline) or to be able to connect to an underlying data source (e.g. connect to Azure SQL using the stored credentials)?

Thanks,

Justyna

Great idea.

for example, if we have a particular web service we would like to call as part of the workflow, e.g. geocoding service, we would need to store the token somewhere , retrieve it at runtime during pipeline run.

For now, If you're trying to use AKV from PySpark Notebook, You can use the below code to access the secrets in akv and it works without any additional authentication

from trident_token_library_wrapper import PyTridentTokenLibrary as tl

key_vault_access_token = notebookutils.mssparkutils.credentials.getToken("keyvault")

key_value = tl.get_secret_with_token("https://{key_vault_name_here}.vault.azure.net/","{secret_key_name_here}",key_vault_access_token)

print(key_value)

How is this just "Under Review" ... hopefully my comment makes no sense to future readers in the very near future! 🙂

Yes we would like this for pipelines. Currently in synapse we use key vault to store all of our connection credentials to linked services. If we were to transition to Fabric this would be required.

A Fabric Key Vault implementation would be ideal. At a minimum, whether a key is secured in Azure or Fabric I would like the ability to use stored keys to sign, encode, etc from a notebook using APIs instead of extracting secrets.

Don't know it is not available till now. Please make it available ASAP as Admin is not sharing the credentials without Azure KeyVault.

This should be made available for sure. Otherwise it is pretty clunky to get an environment up and running that is always encrypted. Accessing KeyVault via App-Token isn't the most beautyful solution you could imagine.