Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
MonikaK23
New Member

Need help in accessing key vault secrets from fabric notebooks

My Fabric is capacity is not created in azure subscription and its created in PowerBI workspace and its indenpendent. Because of this I am not able to add Fabric in Access policies of keyvaults. I am trying to access the keyvault from fabric notebook using below code. My keyvault is configured to "Allow public access from specific virtual networks and IP addresses". So its throwing the firewall issue. There is a service principal created for secret. I have tried providing access to service principal in IAM and access policies. But still not working. Can you please help.

 

from trident_token_library_wrapper \ import PyTridentTokenLibrary as tl

#2 key_vault_name = '<unique-keyvault-name>' key_name = "AHV-name" # key name added to vault

# 3 access_token = mssparkutils.credentials.getToken("keyvault")

# 4 ai_services_key = tl.get_secret_with_token( \ f"https://{key_vault_name}.vault.azure.net/", \ key_name, \ access_token)

11 REPLIES 11
maditya_01
Employee
Employee

We are also facing the same issue. Can  we do this like for each session we are getting different-2 IP and we can add these IP's in Network in Azure portal using some python script

krishn
Helper I
Helper I

can please share if there any document or detailed steps accessing Key Vault secrest in Microsoft Fabric. We are pretry new to Microsoft Fabric and need to set it up configurig rest api data puls.

IntoNumbers
New Member

I have the same issue since today.

I'm using notebookutils.mssparkutils.credentials import getSecret and until yesterday everything worked just fine for weeks.

 

BR IntoNumbers 

HimanshuS-msft
Community Support
Community Support

Hello @MonikaK23 

The challenge  here is that the firewall expects the IP to be whitelisted and then you only you can use the code to retrieve the secret . 
You can get the IP of the cluster by doing this . 

 

from notebookutils.mssparkutils.credentials import getSecret
import requests
res = requests.get("http://checkip.dyndns.com")
print(res.text)

 

and once you whitelist the IP , it will work fine , I did tested the same . 

 

HimanshuSmsft_0-1709065687701.png

 

 

Thanks 
Himanshu

Hi @HimanshuS-msft ,

IP is not static and everytime the IP address is changing. When I am running the notebook alone after whitelisting the IP its working fine, but when triggering the pipeline it starts a new session and IP address is different. Whtelisting the IP is not working.

Error details :

An error occurred while calling o4363.getSecretWithToken. : java.io.IOException: 403 {"error":{"code":"Forbidden","message":"Client address is not authorized and caller is not a trusted service.\r\nClient address: ###.###.###.##

puneetvijwani
Resolver IV
Resolver IV

@MonikaK23  Have you tried below approach , let me know if its working or not

from notebookutils.mssparkutils.credentials import getSecret

keyvault_url = "https://keyvaultname.vault.azure.net/"
secret_name_in_notebook = getSecret(keyvault_url, "secretnameinkeyvault")




I am still getting the same error

Hi @MonikaK23 

Apologies for the issue you have been facing.

I would suggest you to create a support ticket. This is the most direct way to get official assistance and specific insights into your situation. The support team can access detailed logs and metrics to pinpoint the issue and suggest solutions.

Please go ahead and raise a support ticket to reach our support team: Link 

After creating a Support ticket please provide the ticket number as it would help us to track for more information.

Thanks.

Hi @egons11 

We haven’t heard from you on the last response and was just checking back to see if you got a chance to create a support ticket. If yes please provide the details here. Otherwise, will respond back with the more details and we will try to help.
Thanks

v-nikhilan-msft
Community Support
Community Support

Hi @MonikaK23 
Thanks for using Fabric Community.
Can you please share the steps you have followed or any screenshot of the error? This information would help to guide you better.
Thanks.

@HimanshuS-msft @v-nikhilan-msft  Any update in this issue? I m also facing this issue. Everytime ip address get change , therefore cant run notebook

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

Expanding the Synapse Forums

New forum boards available in Synapse

Ask questions in Data Engineering, Data Science, Data Warehouse and General Discussion.

MayFabricCarousel

Fabric Monthly Update - May 2024

Check out the May 2024 Fabric update to learn about new features.