Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
davidwag
Frequent Visitor

Protecting Secrets with Fabric Notebooks

Are there any resources available for best practices when it comes to protecting secrets and other sensitive information related to APIs (or in general) when using the new MS Fabric Notebooks? Traditionally an (dot)env file would be used to protect these sensitive items. I have failed to find any information regarding implementing something similar with Notebooks so any feedback would be helpful.

6 REPLIES 6
yongshao
Frequent Visitor

" storing things in keyvault and getting those details in notebook for the use " is desired, but accessing keyvault requires client_id/secret from notebook. The question is how secure client_id/secret inside Fabric notebook? Fabric should support managed entity integration as Synapse has linked service and managed entity

MonikaK23
New Member

Hi, I am trying to access the keyvault from fabric notebook using below code. My keyvault is configured to Allow public access from specific virtual networks and IP addresses. So its throwing the firewall issue. There is a service principal created for secret. I have tried providing access to service principal in IAM and access policies. But still not working. Please help.

 

from trident_token_library_wrapper \ import PyTridentTokenLibrary as tl

#2 key_vault_name = '<unique-keyvault-name>' key_name = "AHV-name" # key name added to vault

# 3 access_token = mssparkutils.credentials.getToken("keyvault")

# 4 ai_services_key = tl.get_secret_with_token( \ f"https://{key_vault_name}.vault.azure.net/", \ key_name, \ access_token)

yongshao
Frequent Visitor

I've similar question - from MS Fabric notebook to access key vault, 

mssparkutils.credentials.getSecret('https://<name>.vault.azure.net/', 'secret name') always throws AKV10032: Invalid issuer

 

using SecretClient and DefaultAzureCredential works fine but it requires client_id/secret in the notebook
 
please help
1) how to make mssparkutils.credentials.getSecret() work?
2) if using SecretClient and DefaultAzureCredential, how to secure client_id/secret in the notebook?
 
 

 

Aaron301
Frequent Visitor

Did you ever find a good way of doing this?

puneetvijwani
Resolver IV
Resolver IV

@davidwag @Scott_Powell  What details needed to be hidden ??
have you tried storing thing sin keyvault and getting those details in notebook for the use 
this is more standard way 

Scott_Powell
Advocate III
Advocate III

This is a great question I'd like to know the answer to also. Thinking about using a notebook python script to call Power BI dataset refreshes when a specific event occurs, in a specific order. But I'll need to be able to hide the service account details we use when calling the API.

 

Thx,

Scott

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

Expanding the Synapse Forums

New forum boards available in Synapse

Ask questions in Data Engineering, Data Science, Data Warehouse and General Discussion.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayFBCUpdateCarousel

Fabric Monthly Update - May 2024

Check out the May 2024 Fabric update to learn about new features.

Top Solution Authors