Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Vienna from September 15-18, 2025, for the ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM. Get registered

Reply
vasotsich
Frequent Visitor

Protect security information in Fabric Notebook

‎02-16-2024 02:13 AM

Hello all, 

 

I have recently started using Microsoft's Fabric and I have created a notebook. The notebook basically does an API call to a URL to get some information and stores them in multiple delta tables. To do the API call we need to authenticate against a URL to get the access token, we do this by using the requests library in python and adding the appropriate information:

 

# The URL for the Microsoft identity platform token endpoint
url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"

# The data for the POST request
data = {
    "client_id": client_id,
    "scope": scope,
    "client_secret": client_secret,
    "grant_type": "client_credentials"
}

# Make the POST request and get the access token
response = requests.post(url, data=data)
access_token = response.json().get('access_token')

 

 

Right now I give the client_id, tenant_id and client_secret in another cell but this is not secure at all. What ways exist to secure this inputs? Azure key vault would be a good solution for example?

 

Thanks a lot. 

Message 1 of 11
4,104 Views
0
2 ACCEPTED SOLUTIONS
v-cboorla-msft
Microsoft Employee
Microsoft Employee

‎02-16-2024 02:54 AM

Hi @vasotsich 

 

Thanks for using Microsoft Fabric Community.

As I understand that you want to protect security information in Fabric Notebook. 

Yes, you are correct Azure key vault would be a good solution for protecting secure information. Certainly! Securing sensitive information such as client_id, tenant_id, and client_secret is crucial, especially when dealing with authentication in your Microsoft Fabric notebook. Azure Key Vault provides a secure and efficient way to manage secrets, ensuring that your credentials remain confidential.

Please refer to the following documentation for more information.

Link: Reading and Writing Secrets in Azure Key Vault Using Microsoft Fabric Notebooks.

 

I hope this information helps. Please do let us know if you have any further questions.

 

Thanks.

View solution in original post

Message 2 of 11
4,073 Views
0
v-cboorla-msft
Microsoft Employee
Microsoft Employee
In response to v-cboorla-msft

‎02-16-2024 02:59 AM

Hi @vasotsich 

 

Glad that your query got resolved.

Please continue using Fabric Community for any help regarding your queries.

 

Thanks.

View solution in original post

Message 3 of 11
4,068 Views
0
10 REPLIES 10
v-cboorla-msft
Microsoft Employee
Microsoft Employee

‎02-16-2024 02:54 AM

Hi @vasotsich 

 

Thanks for using Microsoft Fabric Community.

As I understand that you want to protect security information in Fabric Notebook. 

Yes, you are correct Azure key vault would be a good solution for protecting secure information. Certainly! Securing sensitive information such as client_id, tenant_id, and client_secret is crucial, especially when dealing with authentication in your Microsoft Fabric notebook. Azure Key Vault provides a secure and efficient way to manage secrets, ensuring that your credentials remain confidential.

Please refer to the following documentation for more information.

Link: Reading and Writing Secrets in Azure Key Vault Using Microsoft Fabric Notebooks.

 

I hope this information helps. Please do let us know if you have any further questions.

 

Thanks.

Message 2 of 11
4,074 Views
0
yash2303
Regular Visitor
In response to v-cboorla-msft

‎02-27-2024 01:53 AM

Hi Team, 
I used to connect to keyvault from databrick by mounting it.
I have done throught the documentation that is provided above, but as i see they are creating keyvault adding secret to KV and then fetching the secret from KV using "mssparkutils.credentials.getSecret"

But I dont see any authentication provided to connect to Keyvault. Can you please help me with this?

 

Message 5 of 11
3,986 Views
0
vasotsich
Frequent Visitor
In response to yash2303

‎02-27-2024 01:58 AM

Hey are you trying to do this a notebook in Fabric? Is so, you need to import the library first and then the parameters you need. The python code should look something like this:

 

from trident_token_library_wrapper import PyTridentTokenLibrary as tl
 
key_vault_name = 'the-name-of-your-vault'
access_token = mssparkutils.credentials.getToken("keyvault")

# Tenant ID, Client ID and Client Secret
tenant_id = tl.get_secret_with_token(f'https://{key_vault_name}.vault.azure.net/', 'the-name-you-gave-the-corresponding-secret', access_token)
client_id = tl.get_secret_with_token(f'https://{key_vault_name}.vault.azure.net/', 'the-name-you-gave-the-corresponding-secret', access_token)
client_secret = tl.get_secret_with_token(f'https://{key_vault_name}.vault.azure.net/', 'the-name-you-gave-the-corresponding-secret', access_token)
 
if you try to print any of the above secrets it will tell you "reducted" but in my case it worked fine. Also, I run this notebook through my account and my account has access to the key vault. I hope I helped. 
Message 6 of 11
3,984 Views
0
yash2303
Regular Visitor
In response to vasotsich

‎02-27-2024 02:14 AM

I tired the suggested already but iam facing this issue, not sure what the root cause iam pretty sure my Keyvault URL is right, But how to know if the fabric has connectivity to this. Since i have enabled fabric free trial from app.powerbi.com directly. I am currently implementing POC.

Error : Py4JJavaError: An error occurred while calling o4789.getSecretWithToken. : java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. 

Message 7 of 11
3,975 Views
0
vasotsich
Frequent Visitor
In response to yash2303

‎02-27-2024 03:08 AM

From the error you are getting it seems that the user is not authorized to access the key vault or read the secret. You need to set the correct permissions to the vault and then try again. 

Message 8 of 11
3,972 Views
0
yash2303
Regular Visitor
In response to vasotsich

‎02-27-2024 08:34 AM

To connect to KeyVault from notebook, do we need to provide access to users. Cant we use SPN to connect to KeyVault. Because as per our policies we cannot provide read access on keyVault to individual users. May i know to how to connecto KeyVault using SPN .

Message 9 of 11
3,967 Views
0
vasotsich
Frequent Visitor
In response to yash2303

‎02-28-2024 12:05 AM

This might help you but I am not sure: Run a job with a Microsoft Entra ID service principal - Azure Databricks | Microsoft Learn

Message 10 of 11
3,952 Views
0
yash2303
Regular Visitor
In response to vasotsich

‎02-28-2024 12:53 AM

I See the provided link is for databricks, but what i need is how to authenticate using SPN to connect to key vault from microsoft fabric notebook

Message 11 of 11
3,943 Views
0
vasotsich
Frequent Visitor
In response to v-cboorla-msft

‎02-16-2024 03:01 AM

Thanks for the information! This is exactly what I was looking for. 

Message 4 of 11
4,065 Views
v-cboorla-msft
Microsoft Employee
Microsoft Employee
In response to v-cboorla-msft

‎02-16-2024 02:59 AM

Hi @vasotsich 

 

Glad that your query got resolved.

Please continue using Fabric Community for any help regarding your queries.

 

Thanks.

Message 3 of 11
4,069 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

May FBC25 Carousel

Fabric Monthly Update - May 2025

Check out the May 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All