Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
-_
Regular Visitor

Securely using credentials in Notebook without using Azure Key Store

‎04-17-2025 02:41 AM

We want to run some Python in a Fabric notebook to connect to an API and ingest data from there. Obviously I don't want to store the credentials as text in the notebook. 

 

From searching, it seems like the recommended way is to store the credentials in an Azure Key Store. However, we don't use Azure and are not set up for it. It also seems strange to me that this basic security feature would require a separate, paid subscription to a separate Microsoft product rather than being able to handle it all within Fabric.

 

Are there any other options or workarounds for securely storing and accessing credentials within Fabric itself?

Labels:
Message 1 of 4
660 Views
0
1 ACCEPTED SOLUTION
v-tsaipranay
Community Support
Community Support

‎04-17-2025 10:17 PM

Hi @-_ ,

Thank you for reaching out to the Microsoft Fabric Community.

 

You're right to avoid embedding credentials in notebook code due to security risks. While Azure Key Vault is the most secure option within the Microsoft ecosystem, we recognize that not all organizations use Azure or have an active Key Vault subscription.

 

Microsoft Fabric offers alternative approaches to ensure credential security. One effective method is the use of notebook parameters in conjunction with Fabric pipelines. Credentials can be defined as parameters and securely passed at runtime through a pipeline, thereby keeping sensitive information out of the notebook’s source code. Access to these parameters can be tightly controlled through workspace-level permissions, ensuring only authorized personnel can access or modify them.

 

Additionally, Microsoft Fabric supports storing sensitive files within OneLake, utilizing Data Access Roles (currently in preview). This allows you to store encrypted credential files such as JSON documents and enforce granular access controls, ensuring that only specific notebooks or identities can read them. This approach enables secure credential management entirely within the Fabric environment, without requiring integration with external services.

 

For detailed guidance, you may refer to the official documentation on OneLake Data Access Roles and Authoring and Executing Notebooks in Microsoft Fabric.

 

I hope this will resolve your issue, if you need any further assistance, feel free to reach out.

If this post helps, then please give us Kudos and consider Accept it as a solution to help the other members find it more quickly.

 

Thankyou.

View solution in original post

Message 2 of 4
610 Views
3 REPLIES 3
v-tsaipranay
Community Support
Community Support

‎04-17-2025 10:17 PM

Hi @-_ ,

Thank you for reaching out to the Microsoft Fabric Community.

 

You're right to avoid embedding credentials in notebook code due to security risks. While Azure Key Vault is the most secure option within the Microsoft ecosystem, we recognize that not all organizations use Azure or have an active Key Vault subscription.

 

Microsoft Fabric offers alternative approaches to ensure credential security. One effective method is the use of notebook parameters in conjunction with Fabric pipelines. Credentials can be defined as parameters and securely passed at runtime through a pipeline, thereby keeping sensitive information out of the notebook’s source code. Access to these parameters can be tightly controlled through workspace-level permissions, ensuring only authorized personnel can access or modify them.

 

Additionally, Microsoft Fabric supports storing sensitive files within OneLake, utilizing Data Access Roles (currently in preview). This allows you to store encrypted credential files such as JSON documents and enforce granular access controls, ensuring that only specific notebooks or identities can read them. This approach enables secure credential management entirely within the Fabric environment, without requiring integration with external services.

 

For detailed guidance, you may refer to the official documentation on OneLake Data Access Roles and Authoring and Executing Notebooks in Microsoft Fabric.

 

I hope this will resolve your issue, if you need any further assistance, feel free to reach out.

If this post helps, then please give us Kudos and consider Accept it as a solution to help the other members find it more quickly.

 

Thankyou.

Message 2 of 4
611 Views
v-tsaipranay
Community Support
Community Support
In response to v-tsaipranay

‎04-21-2025 07:13 AM

Hi @-_ 

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.


Thank you.

Message 3 of 4
498 Views
0
-_
Regular Visitor
In response to v-tsaipranay

‎04-23-2025 01:29 AM

Thank you, I will explore these options. I think they will solve our problem.

Message 4 of 4
459 Views

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June FBC25 Carousel

Fabric Monthly Update - June 2025

Check out the June 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All