Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
vasotsich
Frequent Visitor

Protect security information in Fabric Notebook

Hello all, 

 

I have recently started using Microsoft's Fabric and I have created a notebook. The notebook basically does an API call to a URL to get some information and stores them in multiple delta tables. To do the API call we need to authenticate against a URL to get the access token, we do this by using the requests library in python and adding the appropriate information:

 

# The URL for the Microsoft identity platform token endpoint
url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"

# The data for the POST request
data = {
    "client_id": client_id,
    "scope": scope,
    "client_secret": client_secret,
    "grant_type": "client_credentials"
}

# Make the POST request and get the access token
response = requests.post(url, data=data)
access_token = response.json().get('access_token')

 

 

Right now I give the client_id, tenant_id and client_secret in another cell but this is not secure at all. What ways exist to secure this inputs? Azure key vault would be a good solution for example?

 

Thanks a lot. 

1 ACCEPTED SOLUTION
v-cboorla-msft
Community Support
Community Support

Hi @vasotsich 

 

Thanks for using Microsoft Fabric Community.

As I understand that you want to protect security information in Fabric Notebook. 

Yes, you are correct Azure key vault would be a good solution for protecting secure information. Certainly! Securing sensitive information such as client_id, tenant_id, and client_secret is crucial, especially when dealing with authentication in your Microsoft Fabric notebook. Azure Key Vault provides a secure and efficient way to manage secrets, ensuring that your credentials remain confidential.

Please refer to the following documentation for more information.

Link: Reading and Writing Secrets in Azure Key Vault Using Microsoft Fabric Notebooks.

 

I hope this information helps. Please do let us know if you have any further questions.

 

Thanks.

View solution in original post

10 REPLIES 10
v-cboorla-msft
Community Support
Community Support

Hi @vasotsich 

 

Thanks for using Microsoft Fabric Community.

As I understand that you want to protect security information in Fabric Notebook. 

Yes, you are correct Azure key vault would be a good solution for protecting secure information. Certainly! Securing sensitive information such as client_id, tenant_id, and client_secret is crucial, especially when dealing with authentication in your Microsoft Fabric notebook. Azure Key Vault provides a secure and efficient way to manage secrets, ensuring that your credentials remain confidential.

Please refer to the following documentation for more information.

Link: Reading and Writing Secrets in Azure Key Vault Using Microsoft Fabric Notebooks.

 

I hope this information helps. Please do let us know if you have any further questions.

 

Thanks.

Hi Team, 
I used to connect to keyvault from databrick by mounting it.
I have done throught the documentation that is provided above, but as i see they are creating keyvault adding secret to KV and then fetching the secret from KV using "mssparkutils.credentials.getSecret"

But I dont see any authentication provided to connect to Keyvault. Can you please help me with this?

 

Hey are you trying to do this a notebook in Fabric? Is so, you need to import the library first and then the parameters you need. The python code should look something like this:

 

from trident_token_library_wrapper import PyTridentTokenLibrary as tl
 
key_vault_name = 'the-name-of-your-vault'
access_token = mssparkutils.credentials.getToken("keyvault")

# Tenant ID, Client ID and Client Secret
tenant_id = tl.get_secret_with_token(f'https://{key_vault_name}.vault.azure.net/', 'the-name-you-gave-the-corresponding-secret', access_token)
client_id = tl.get_secret_with_token(f'https://{key_vault_name}.vault.azure.net/', 'the-name-you-gave-the-corresponding-secret', access_token)
client_secret = tl.get_secret_with_token(f'https://{key_vault_name}.vault.azure.net/', 'the-name-you-gave-the-corresponding-secret', access_token)
 
if you try to print any of the above secrets it will tell you "reducted" but in my case it worked fine. Also, I run this notebook through my account and my account has access to the key vault. I hope I helped. 

I tired the suggested already but iam facing this issue, not sure what the root cause iam pretty sure my Keyvault URL is right, But how to know if the fabric has connectivity to this. Since i have enabled fabric free trial from app.powerbi.com directly. I am currently implementing POC.

Error : Py4JJavaError: An error occurred while calling o4789.getSecretWithToken. : java.io.IOException: 401 {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. 

From the error you are getting it seems that the user is not authorized to access the key vault or read the secret. You need to set the correct permissions to the vault and then try again. 

To connect to KeyVault from notebook, do we need to provide access to users. Cant we use SPN to connect to KeyVault. Because as per our policies we cannot provide read access on keyVault to individual users. May i know to how to connecto KeyVault using SPN .

I See the provided link is for databricks, but what i need is how to authenticate using SPN to connect to key vault from microsoft fabric notebook

Thanks for the information! This is exactly what I was looking for. 

Hi @vasotsich 

 

Glad that your query got resolved.

Please continue using Fabric Community for any help regarding your queries.

 

Thanks.

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

March 2024  FBC Gallery Image

Fabric Monthly Update - March 2024

Check out the March 2024 Fabric update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

Top Kudoed Authors