Skip to main content
Showing results for 
Search instead for 
Did you mean: 

The ultimate Microsoft Fabric, Power BI, Azure AI & SQL learning event! Join us in Las Vegas from March 26-28, 2024. Use code MSCUST for a $100 discount. Register Now

New Member

Writing / updating secrets to azure key vault from fabric

Anyone else having this issue or potential work arounds to write/overwrite secrets from fabric notebook to azure key vault?

It seems that the below code works when I use PyTridentTokenLibrary and mssparkutils it works successfuly but only on getting a token.


`import requests`
`from azure.keyvault.secrets import SecretClient`
`from trident_token_library_wrapper import PyTridentTokenLibrary as tl`
`from azure.identity import DefaultAzureCredential`

`akvName = 'azurekeyvault-name'`

`kv_access_token = mssparkutils.credentials.getToken("keyvault")`

`refresh_token = tl.get_secret_with_token("https://keyvault","secret_name",kv_access_token)`

`refresh_token = tl.get_secret_with_token("https://keyvault","secret_name",kv_access_token)`


but when setting or putting a secret it returns an error:


`mssparkutils.credentials.putSecret(akvName, secret_name, secret_value)`


> Py4JJavaError: An error occurred while calling z:mssparkutils.credentials.putSecret. : java.util.NoSuchElementException: spark.arcadia.session.token at org.apache.spark.SparkConf.$anonfun$get$1(SparkConf.scala:266) at scala.Option.getOrElse(Option.scala:189) at org.apache.spark.SparkConf.get(SparkConf.scala:266) at$anonfun$getAccessTokenInternal$3(TokenLibrary.scala:271) at scala.util.Try$.apply(Try.scala:213) at at$anonfun$getAccessTokenInternal$4(TokenLibrary.scala:303) at scala.util.Try$.apply(Try.scala:213) at at at at$.putSecret(TokenLibrary.scala:1386) at mssparkutils.credentials$.putSecret(credentials.scala:138) at mssparkutils.credentials.putSecret(credentials.scala) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke( at sun.reflect.DelegatingMethodAccessorImpl.invoke( at java.lang.reflect.Method.invoke( at py4j.reflection.MethodInvoker.invoke( at py4j.reflection.ReflectionEngine.invoke( at py4j.Gateway.invoke( at py4j.commands.AbstractCommand.invokeMethod( at py4j.commands.CallCommand.execute( at at


Community Support
Community Support

Hi @Itsgoodas ,

Thankyou for using Microsoft Fabric Community and thanks for posting your question here.

I would be taking this forward to our internal team to understand if there is any deployment responsible for this error you are experiencing. However, meanwhile, I want you to make sure the following permissions are all set at your end. Kindly make sure :

  • The Synapse notebook managed service identity has been granted Secrets permission to the Azure Key Vault. Check Enable Azure RBAC permissions on Key Vault for more details on how to do that.
  • Active directory user id has blob contributor role in the storage account.

Looking forward to your response. Thanks.

Hi @Itsgoodas ,

We haven’t heard from you on the last response and was just checking back to see if you can provide the details asked above. Please let us know if you have any further queries.

Hi @Itsgoodas ,
Just following up to check whether you can provide the details asked in the above comment. Do let us know if you have any further queries.

Helpful resources

Fabric Community Conference

Microsoft Fabric Community Conference

Join us at our first-ever Microsoft Fabric Community Conference, March 26-28, 2024 in Las Vegas with 100+ sessions by community experts and Microsoft engineering.

Fabric Career Hub

Microsoft Fabric Career Hub

Explore career paths and learn resources in Fabric.

Fabric Partner Community

Microsoft Fabric Partner Community

Engage with the Fabric engineering team, hear of product updates, business opportunities, and resources in the Fabric Partner Community.

Fabric Hack Slide Banner

Hack Together: The Microsoft Fabric AI Global Hack

Learn from experts, get hands-on experience, and win awesome prizes.