Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
Srisakthi
Super User
Super User

Azure Key Vault Connection

‎05-15-2025 01:22 AM

Hi Everyone,

 

There is an Azure Key Vault support introduced for connections in Fabric with Authentication Method as OAuth. I have couple of questions

1. Is there anything in roadmap with Service Principal or Workspace Identity as Authentication Method?

2. How can I refer azure key vault connection in notebooks is there any sample?

 

Regards,

Srisakthi

 

Labels:
Message 1 of 18
5,985 Views
2 ACCEPTED SOLUTIONS
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎06-06-2025 02:14 AM

Hi @Srisakthi ,

You can create and manage Key Vault connections in the Data -> Connections tab.
Direct usage of those Key Vault connections in Lakehouse or Notebook environment is not natively exposed yet.

 

I suggest submitting your detailed feedback and ideas through Microsoft's official feedback channels, such as Microsoft Fabric Ideas. Feedback submitted through these channels is frequently reviewed by the product teams and can contribute to meaningful improvements.
Fabric Ideas - Microsoft Fabric Community


If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it!

 

Thank you

 

View solution in original post

Message 11 of 18
5,538 Views
0
Srisakthi
Super User
Super User
In response to v-dineshya

‎06-08-2025 09:52 PM

Hi @v-dineshya ,

 

I  have submitted the idea. Please check

MS Fabric Connections in Notebook - Microsoft Fabric Community

 

Thanks,

Srisakthi

View solution in original post

Message 13 of 18
5,483 Views
17 REPLIES 17
Srisakthi
Super User
Super User

‎05-21-2025 11:31 PM

Hi @burakkaragoz ,

 

Referencing key vault in notebook directly I have explored few months back itself. What I was looking for is using Key vault conenction that we create in MS Fabric to be referred in notebook

 

Regards,

Srisakthi

Message 15 of 18
5,814 Views
0
burakkaragoz
Community Champion
Community Champion
In response to Srisakthi

‎05-21-2025 11:36 PM

Hi @Srisakthi ,

 

Thanks for clarifying – now I get what you're aiming for.

Currently, Fabric Notebooks don’t natively expose the Key Vault Connections created in the UI (like they do for pipelines or dataflows). But here are a couple of workarounds you can try:

Option 1: Use Azure Identity + SDK

If your notebook is running in a managed identity context (like Fabric runtime), you can use the Azure SDK to access secrets directly:

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

key_vault_url = "https://<your-keyvault-name>.vault.azure.net/"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=key_vault_url, credential=credential)

secret = client.get_secret("your-secret-name")
print(secret.value)

Make sure the Fabric workspace or runtime has access to the Key Vault via RBAC or access policies.

Option 2: Store secrets in a config table

If direct access isn’t working, you can store secrets (or connection strings) in a secured Lakehouse table and read them at runtime. Not ideal, but works for controlled environments.

Let me know if you want help setting up the identity permissions or testing the SDK approach. Happy to walk through it with you.

Message 16 of 18
5,809 Views
0
hgupta13
Regular Visitor
In response to burakkaragoz

‎08-20-2025 11:52 AM

Hi burakkaragoz,

I was trying the following solutions


1. Markutils: But this get the secret under the user who is running the notebook. So as  notebook user I need read,get access to the keyvault. (I would like to avoid this method as multiple devs are working)

 

2. I was trying the SDK where I am using. I did added the worksapce name in the access policy of my keyvault. But Still I am not able to access it. Can you let me know what I can do in this scenario?

Message 17 of 18
4,106 Views
0
yashaswi_raj
Helper I
Helper I
In response to hgupta13

‎09-12-2025 05:17 AM

Hi @hgupta13 , yes what you are trying will not work .
DefaultAzureCredential() is also not supported in Fabric notebook to fetch secret.

what i did was called the notebook directly from ADF using web activity with which the notebook took the adf managed identity's autnetication .

 

You can Check if you also have similar scenario

Message 18 of 18
3,203 Views
0
burakkaragoz
Community Champion
Community Champion

‎05-21-2025 11:14 PM

Hi @Srisakthi ,

 

Just checking in – did the steps I shared help resolve the issue?

If it’s working now, feel free to mark the response as the Accepted Solution. This helps others who face the same issue find the fix faster.
And of course, a little Kudos would be much appreciated!

If you're still running into trouble, let me know what you've tried so far and I’ll help you dig deeper. We’ll get it sorted!

Message 14 of 18
5,835 Views
0
v-dineshya
Community Support
Community Support

‎05-15-2025 05:40 AM

Hi @Srisakthi ,

Thank you for reaching out to the Microsoft Community Forum.

 

1. Roadmap for Service Principal or Workspace Identity as Authentication Methods

Azure Key Vault connections in Microsoft Fabric support OAuth authentication. While there is no explicit documentation detailing the roadmap for Service Principal or Workspace Identity authentication methods for Azure Key Vault connections, Microsoft is actively enhancing authentication capabilities within Fabric.

Workspace Identity a managed service principal associated with a Fabric workspace is available and can be used for authentication with certain data sources, such as Azure Data Lake Storage Gen2. This feature allows Fabric items like OneLake shortcuts, data pipelines, and semantic models to authenticate securely without managing credentials manually.

While Workspace Identity support for Azure Key Vault connections is not explicitly mentioned, the ongoing enhancements suggest that broader authentication method support may be introduced in the future.

2. Referencing Azure Key Vault Connections in Notebooks

To access Azure Key Vault secrets within Fabric notebooks, you can use the mssparkutils library.

sample code snippet:

# Replace with your Key Vault URL and secret name
secret_value = mssparkutils.credentials.getSecret('https://<your-keyvault-name>.vault.azure.net/', 'your-secret-name')
print(secret_value)

 

Please refer community threads and Microsoft articles and blogs.

Authenticate with Microsoft Fabric workspace identity - Microsoft Fabric | Microsoft Learn

Authenticate to Fabric data connections using Azure Key Vault stored secrets (Preview) | Microsoft F...

Solved: Access Key-vault in notebooks - Microsoft Fabric Community

Authenticate to Azure Key Vault | Microsoft Learn

Workspace identity - Microsoft Fabric | Microsoft Learn

 

If my response has resolved your query, please mark it as the "Accepted Solution" to assist others. Additionally, a "Kudos" would be appreciated if you found my response helpful.

 

Thank you

Message 7 of 18
5,932 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎05-19-2025 08:19 AM

Hi @Srisakthi ,

If my response has resolved your query, please mark it as the "Accepted Solution" to assist others. Additionally, a "Kudos" would be appreciated if you found my response helpful.

 

Thank you

Message 8 of 18
5,884 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎05-22-2025 08:28 AM

Hi @Srisakthi ,

If my response has resolved your query, please mark it as the "Accepted Solution" to assist others. Additionally, a "Kudos" would be appreciated if you found my response helpful.

 

Thank you

Message 9 of 18
5,792 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎05-25-2025 09:38 PM

Hi @Srisakthi ,

If my response has resolved your query, please mark it as the "Accepted Solution" to assist others. Additionally, a "Kudos" would be appreciated if you found my response helpful.

 

Thank you

Message 10 of 18
5,758 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎06-06-2025 02:14 AM

Hi @Srisakthi ,

You can create and manage Key Vault connections in the Data -> Connections tab.
Direct usage of those Key Vault connections in Lakehouse or Notebook environment is not natively exposed yet.

 

I suggest submitting your detailed feedback and ideas through Microsoft's official feedback channels, such as Microsoft Fabric Ideas. Feedback submitted through these channels is frequently reviewed by the product teams and can contribute to meaningful improvements.
Fabric Ideas - Microsoft Fabric Community


If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it!

 

Thank you

 

Message 11 of 18
5,539 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎06-08-2025 09:01 PM

HI @Srisakthi ,

Could you please confirm if you've submitted this as an idea in the Ideas Forum? If so, sharing the link here would be helpful for other community members who may have similar feedback.

If we don’t hear back, we’ll go ahead and close this thread. For any further discussions or questions, please start a new thread in the Microsoft Fabric Community Forum we’ll be happy to assist.

Thank you for being part of the Microsoft Fabric Community.

Message 12 of 18
5,505 Views
Srisakthi
Super User
Super User
In response to v-dineshya

‎06-08-2025 09:52 PM

Hi @v-dineshya ,

 

I  have submitted the idea. Please check

MS Fabric Connections in Notebook - Microsoft Fabric Community

 

Thanks,

Srisakthi

Message 13 of 18
5,484 Views
yvaubourg
Resolver I
Resolver I

‎05-15-2025 01:50 AM

Hi @Srisakthi,

1. I don't see why at least Service Principal connection won't be added in the Future. As for "Workspace Identity", it could be weird to be able to do it as the connections are usable in your entire Fabric tenant.

2. The documentation state for Key Vault reference are only usable for connection. Before this feature, you could already connect to Azure Key Vault in Notebook. Here is a end to end tutorial to do it

 

Regards,

Yohann

Message 6 of 18
5,974 Views
burakkaragoz
Community Champion
Community Champion

‎05-15-2025 01:49 AM

Hi @Srisakthi ,

 

Azure Key Vault integration in Fabric is a powerful feature, and it's good to see more users exploring secure credential management. Let me address both of your points:

1️⃣ Support for Service Principal or Workspace Identity Authentication

As of now, Azure Key Vault connections in Fabric support OAuth 2.0 with user identity, but Service Principal and Workspace Managed Identity are not yet generally available for this use case.

However, based on recent roadmap updates and community discussions, support for Service Principal authentication is planned for future releases. This will be especially useful for automated workloads and CI/CD pipelines where user-based OAuth is not ideal.

In the meantime, if you need to automate access securely:

  • Consider using Azure Managed Identity in combination with Azure Synapse or Azure Data Factory, which can then feed into Fabric.
  • Alternatively, store secrets in Key Vault and retrieve them manually in notebooks using Azure SDKs (see below).

2️⃣ Using Azure Key Vault in Fabric Notebooks

Currently, there is no direct built-in method to reference a Fabric Key Vault connection inside a notebook. However, you can access secrets from Azure Key Vault using Python with the azure-identity and azure-keyvault-secrets libraries.

Here’s a sample code snippet:

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Replace with your Key Vault URL
key_vault_url = "https://<your-keyvault-name>.vault.azure.net/"

# Authenticate using DefaultAzureCredential (supports Managed Identity, CLI login, etc.)
credential = DefaultAzureCredential()
client = SecretClient(vault_url=key_vault_url, credential=credential)

# Retrieve a secret
secret_name = "my-secret"
retrieved_secret = client.get_secret(secret_name)

print("Secret Value:", retrieved_secret.value)

🔐 Note: This requires that your Fabric workspace or user identity has access to the Key Vault via Azure RBAC or access policies.

Summary

  • Service Principal support is not yet available but is on the roadmap.
  • Notebook access to Key Vault is possible using Azure SDKs, though not yet integrated with Fabric’s connection UI.
  • Keep an eye on the Microsoft Fabric roadmap for updates on authentication enhancements.

Let me know if you’d like a full notebook example or help setting up the Key Vault permissions!

Message 2 of 18
5,974 Views
0
Srisakthi
Super User
Super User
In response to burakkaragoz

‎05-15-2025 02:26 AM

Hi @burakkaragoz ,

If Service Principal approach is in roadmap, then we are good.

 

Azure Managed Identity:

Using Azure Managed Identity and ADF is not straight forward one. 

Python:

This is not utilising Fabric Notebook.

 

Here is the notebook approach if you want to utilise for

Notebook:

from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient
import ast


tenant_id = 'your tenant id'
client_id = 'client id'
client_secret ='client secret'

credential = ClientSecretCredential(tenant_id, client_id, client_secret)
vault_url = f"https://{keyvault_name}.vault.azure.net/"

secret_client = SecretClient(vault_url=vault_url, credential=credential)
secret = secret_client.get_secret(sp_secret_name)
secret_res = ast.literal_eval(secret.value)
 
Regards,
Srisakthi
Message 3 of 18
5,956 Views
0
burakkaragoz
Community Champion
Community Champion
In response to Srisakthi

‎05-19-2025 10:58 PM

Hi @Srisakthi ,

 

Yep, you can totally use Azure Key Vault secrets inside a Fabric Notebook. Here’s a quick way to do it using mssparkutils:

# Replace with your actual Key Vault URL and secret name
secret_value = mssparkutils.credentials.getSecret(
    'https://<your-keyvault-name>.vault.azure.net/',
    'your-secret-name'
)
print(secret_value)

This works as long as your workspace has access to the Key Vault and the connection is already set up in Fabric. No need to manually handle tokens or credentials—Fabric handles that behind the scenes.

Message 4 of 18
5,873 Views
0
yashaswi_raj
Helper I
Helper I
In response to burakkaragoz

‎08-18-2025 09:29 PM

Hi @burakkaragoz , no above solution not works if workspace has access to key vault , rather user session authentication is used here

Message 5 of 18
4,197 Views

Helpful resources

Announcements
December Fabric Update Carousel

Fabric Monthly Update - December 2025

Check out the December 2025 Fabric Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All