Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now
Greetings everyone,
I am trying to establish a connection between my Microsoft Fabric notebook and an Azure KeyVault to access some secrets. Unfortunately, I am facing an issue with MSI while using Power BI, as it keeps timing out when trying to obtain a token. Any suggestions on how to resolve this issue would be greatly appreciated. Thank you.
Solved! Go to Solution.
@datakohai12 Thanks for sharing the steps Fabric currently does not support managed identity authentication which is what this is trying to authenticate via. Until that's fully integrated, there's a simple workaround. As long as you are executing notebook has access to the vault, the below will work.
from trident_token_library_wrapper import PyTridentTokenLibrary as tl
access_token = mssparkutils.credentials.getToken("keyvault")
tl.get_secret_with_token("https://vaultName.vault.azure.net/","secretName",access_token)
Regards
Geetha
@datakohai12 It wouldn't be present in pypi
you should be able to execute that code directly in your Trident notebook if you're not able to send over a screenshot of the error.
Regards
Geetha
Yes, I'm have access to the fabric in it's tenant and the key vault in another tenant.
This is the error I received:
File ~/cluster-env/clonedenv/lib/python3.10/site-packages/py4j/protocol.py:326, in get_return_value(answer, gateway_client, target_id, name) 324 value = OUTPUT_CONVERTER[type](answer[2:], gateway_client) 325 if answer[1] == REFERENCE_TYPE:--> 326 raise Py4JJavaError( 327 "An error occurred while calling {0}{1}{2}.\n". 328 format(target_id, ".", name), value) 329 else: 330 raise Py4JError( 331 "An error occurred while calling {0}{1}{2}. Trace:\n{3}\n". 332 format(target_id, ".", name, value)) Py4JJavaError: An error occurred while calling o6042.getSecretWithToken. : java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. Expected one of xxxxxxxxxx________, xxxxxxxxxx________, xxxxxxxxxx________, found xxxxxxxxxx________ at com.microsoft.azure.trident.tokenlibrary.TokenLibrary.getSecretWithToken(TokenLibrary.scala:804) at com.microsoft.azure.trident.tokenlibrary.TokenLibrary$.getSecretWithToken(TokenLibrary.scala:1347) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl
I'm get the same invalid issuer notebook and am using the PyTridentTokenLibrary but the notebook and KeyVault are in different tenants. Is there a workaround for this ? Or is the managed identity method available now?
@ritikesh managed identity authentication is till not available. do you have access to the KeyVault with your account? could you please share the snapshot of the code/error?
@datakohai12 Thanks for sharing the steps Fabric currently does not support managed identity authentication which is what this is trying to authenticate via. Until that's fully integrated, there's a simple workaround. As long as you are executing notebook has access to the vault, the below will work.
from trident_token_library_wrapper import PyTridentTokenLibrary as tl
access_token = mssparkutils.credentials.getToken("keyvault")
tl.get_secret_with_token("https://vaultName.vault.azure.net/","secretName",access_token)
Regards
Geetha
Hi! How do we give the executing notebook as access to the key vault?
As long as you are using the same account for running the notebook and having access to KeyVault with the same account, you can extract secret from KeyVault and use them in notebook.
I have used the above code to mount the data lake gen2 using notebook in microsoft fabric and getting below error - An error occurred while calling o4394.getSecretWithToken. : java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer.
Hi Geetha,
I apologize for the delayed response. Thanks for the workaround; I am using it now, though I am having trouble finding trident_token_library_wrapper. Could you direct me to it in PyPi?
@datakohai12 It wouldn't be present in pypi
you should be able to execute that code directly in your Trident notebook if you're not able to send over a screenshot of the error.
Regards
Geetha
Interesting is now working. Thanks.
Good to hear that it is now working for you,
Thanks for visiting Fabric Community have a great day!
Regards
Geetha
Hi @datakohai12 Thanks for posting your question in Microsoft Fabric Community
Can you please share the steps you have followed or any screenshot of the error.
Regards
Geetha
Hi,
The following are my steps:
Here is a screenshot of the code and the error message: