datakohai12
Frequent Visitor

Microsoft Fabric connect to Azure Key Vault

Greetings everyone, 

 

I am trying to establish a connection between my Microsoft Fabric notebook and an Azure KeyVault to access some secrets. Unfortunately, I am facing an issue with MSI while using Power BI, as it keeps timing out when trying to obtain a token. Any suggestions on how to resolve this issue would be greatly appreciated. Thank you.

3 ACCEPTED SOLUTIONS
GeethaT-MSFT
Microsoft Employee

@datakohai12 Thanks for sharing the steps. Fabric currently does not support managed identity authentication, which is what this is trying to authenticate via. Until that's fully integrated, there's a simple workaround. As long as the notebook you are executing has access to the vault, the below will work.

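# Runs inside a Fabric notebook; mssparkutils is provided by the notebook runtime
from trident_token_library_wrapper import PyTridentTokenLibrary as tl

# Request a Key Vault token for the identity running the notebook
access_token = mssparkutils.credentials.getToken("keyvault")

# Read the secret from the vault using that token
tl.get_secret_with_token("https://vaultName.vault.azure.net/", "secretName", access_token)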

Regards

Geetha

 


@datakohai12 It wouldn't be present in PyPI.

You should be able to execute that code directly in your Trident notebook. If you're not able to, send over a screenshot of the error.

 

Regards

Geetha


Interesting, it is now working. Thanks.


15 REPLIES
ritikesh
Microsoft Employee

Yes, I have access to the Fabric in its tenant and the key vault in another tenant.

This is the error I received:

File ~/cluster-env/clonedenv/lib/python3.10/site-packages/py4j/protocol.py:326, in get_return_value(answer, gateway_client, target_id, name)
    324 value = OUTPUT_CONVERTER[type](answer[2:], gateway_client)
    325 if answer[1] == REFERENCE_TYPE:
--> 326     raise Py4JJavaError(
    327         "An error occurred while calling {0}{1}{2}.\n".
    328         format(target_id, ".", name), value)
    329 else:
    330     raise Py4JError(
    331         "An error occurred while calling {0}{1}{2}. Trace:\n{3}\n".
    332         format(target_id, ".", name, value))

Py4JJavaError: An error occurred while calling o6042.getSecretWithToken.
: java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. Expected one of xxxxxxxxxx________, xxxxxxxxxx________, xxxxxxxxxx________, found xxxxxxxxxx________
  at com.microsoft.azure.trident.tokenlibrary.TokenLibrary.getSecretWithToken(TokenLibrary.scala:804)
  at com.microsoft.azure.trident.tokenlibrary.TokenLibrary$.getSecretWithToken(TokenLibrary.scala:1347)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl

 

ritikesh
Microsoft Employee

I'm getting the same invalid issuer in the notebook and am using the PyTridentTokenLibrary, but the notebook and KeyVault are in different tenants. Is there a workaround for this? Or is the managed identity method available now?

 

@ritikesh Managed identity authentication is still not available. Do you have access to the KeyVault with your account? Could you please share a snapshot of the code/error?


Hi Geetha,

I still get the following error - 

Py4JJavaError: An error occurred while calling o4768.getSecretWithToken. : java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. Expected one of https://sts.windows.net/xxxxxx/, https://sts.windows.net/xxxxxxxxxx/, https://sts.windows.net/xxxx/, found https://sts.windows.net/xxxx/."}}. 

The Fabric user has access to the key vault, but the key vault is on a different tenant.

Do you know if it is possible to connect to Azure KeyVault from the Microsoft Fabric notebook using Microsoft Fabric Workspace Identity?
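
The AKV10032 responses quoted in this thread list the issuers the vault accepts and the issuer found in the token. As an added example (not part of any post here and not Microsoft's code), the Python below reads the issuing tenant from a token and from the error text so a cross-tenant mismatch can be confirmed before retrying; the function names are hypothetical, and the tenant ids, sample token and sample error are constructed.

```python
import base64
import json
import re

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def parse_akv10032(message: str):
    """Return (expected_issuers, found_issuer) from an AKV10032 error, else None."""
    m = re.search(r"AKV10032: Invalid issuer\. Expected one of (.+), found (\S+)", message)
    if not m:
        return None
    expected = [i.strip() for i in m.group(1).split(",")]
    return expected, m.group(2).rstrip('."}')  # drop trailing JSON punctuation

def issuer_mismatch(token: str, vault_tenant_id: str):
    """Compare the token's issuing tenant with the vault's tenant.

    Returns None when they match, otherwise (token_tenant, vault_tenant).
    Only the 'tid' and 'iss' claims are read; the token itself is never logged.
    """
    claims = jwt_claims(token)
    tid = claims.get("tid") or claims.get("iss", "").rstrip("/").rsplit("/", 1)[-1]
    return None if tid.lower() == vault_tenant_id.lower() else (tid, vault_tenant_id)

def constructed_token(tenant_id: str) -> str:
    """Build an unsigned sample token (constructed data, not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    body = {"iss": f"https://sts.windows.net/{tenant_id}/", "tid": tenant_id}
    return ".".join([enc({"alg": "none"}), enc(body), ""])

# Constructed tenant ids: where the notebook user signs in vs. where the vault lives.
NOTEBOOK_TENANT = "11111111-1111-1111-1111-111111111111"
VAULT_TENANT = "22222222-2222-2222-2222-222222222222"
SAMPLE_ERROR = ('401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. '
                f'Expected one of https://sts.windows.net/{VAULT_TENANT}/, '
                f'found https://sts.windows.net/{NOTEBOOK_TENANT}/."}}}}.')

if __name__ == "__main__":
    print(issuer_mismatch(constructed_token(NOTEBOOK_TENANT), VAULT_TENANT))
    print(parse_akv10032(SAMPLE_ERROR))
```

In a Fabric notebook the token to inspect would be the value returned by `mssparkutils.credentials.getToken("keyvault")`.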

Anonymous
Not applicable

Hi! How do we give the executing notebook access to the key vault?

Hi @Anonymous 

 

As long as you are using the same account for running the notebook and having access to KeyVault with the same account, you can extract secrets from KeyVault and use them in the notebook.

 

Anonymous
Not applicable

@GeethaT-MSFT 

I have used the above code to mount the Data Lake Gen2 using a notebook in Microsoft Fabric and am getting the below error - An error occurred while calling o4394.getSecretWithToken. : java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer.

 

 

 

Hi Geetha,

I apologize for the delayed response. Thanks for the workaround; I am using it now, though I am having trouble finding trident_token_library_wrapper. Could you direct me to it in PyPi?

Good to hear that it is now working for you.
Thanks for visiting Fabric Community, have a great day!

 

Regards

Geetha

GeethaT-MSFT
Microsoft Employee

Hi @datakohai12, thanks for posting your question in Microsoft Fabric Community.

Can you please share the steps you have followed or any screenshot of the error?

Regards

Geetha

Hi,

The following are my steps:

  1. Created a Synapse Data Engineering Notebook
  2. Granted the Power BI Service Account Get permissions via Access Policy in the Azure Key Vault

Here is a screenshot of the code and the error message:

datakohai12_0-1687793837978.png

 
