Service Principal authentication and Azure Key Vault

Please do what you can to make EVERY connection type in Fabric support Service Principal authentication, AND make it so that the Secret (Service Principal Key) can be stored in an Azure Key Vault.

Many Fabric solutions involve connections to other data sources inside an organization's data landscape. Right now, there is a mix of authentication types available to the various connections. Service Principals are great, but their secret has an expiration date. When that expiration is met and a new Secret generated, EVERY connection that uses that Service Principal needs to be updated. For a moderately sized solution, that could be several or dozens of connections. Needing to edit the Secret on each one is not sustainable.

But by allowing the Secret to be stored in an Azure Key Vault, and making that Key Vault reference available in Fabric, now there is only ONE place to refresh that Secret and all (Service Principal) Connections can utilize it.

Status: New
Comments
NiklasHenkel
New Member
For the love of god. Yes please. It seems absurd that this hasn't been a priority until now. Our Fabric Architecture breaks every once in a while for needless Entra-related Identity issues. Service principals everywhere. Secrets accessible for service principals. I just set up everything assuming this would function and am beyond disappointed that our Azure Key Vault sits uselessly connected to Fabric, because it can't talk with service principal connections somehow.
ToddChitt
Super User
I just found out that Service Principal Authentication for Fabric Warehouses (under Manage Connections and Gateways), while it lists "Service Principal" as an authentication type, DOES NOT SUPPORT Service Principal Authentication. Why would Microsoft enable an option like this THAT DOES NOT WORK? Come ON, Microsoft, you HAVE to do better than this! Commentary: If I was a Program Manager and a developer released a bit of code that allowed the user to pick an option that DID NOT WORK, I would seriously consider getting said developer off my team.