Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Atlanta from March 16 - 20, 2026, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM. Register now.

Reply
ptmk
Frequent Visitor

Connection to on-prem SQL using Azure Key vault refence

‎05-13-2025 06:53 AM

Hello, we have an on-prem data gateway that we can set up connections to our sql server on-prem. 
I would like to know if the Azure Key Vault references can be leveraged to set up connections to the on-prem sql? What would the steps be?

From here, I understood this is only for AS and semantic models
Bring your own encryption keys for Power BI - Power BI | Microsoft Learn
Guy in a cube mentions custom connectors.

 

Thanks!

Labels:
Message 1 of 6
709 Views
0
2 ACCEPTED SOLUTIONS
rohit1991
Super User
Super User

‎05-13-2025 10:35 AM

Hi @ptmk ,

Azure Key Vault integration in Power BI—specifically for managing credentials like SQL Server usernames and passwords—is not supported directly for on-premises data sources via the on-prem data gateway. As you've rightly pointed out, Azure Key Vault references are primarily used for Analysis Services and semantic models, particularly in scenarios involving Bring Your Own Key (BYOK) for data encryption at rest. While there are evolving capabilities around enhanced data protection and custom connectors (as mentioned by Guy in a Cube), native support for using Azure Key Vault secrets in gateway-managed data source connections is not available at this time.

 

As a workaround, any credential used for on-prem SQL connections through the gateway needs to be manually entered and securely stored within the gateway configuration. If you're aiming to improve credential management or rotate secrets securely, you might consider using PowerShell scripts or APIs to update gateway credentials programmatically in sync with your Key Vault, although this requires custom implementation.

 


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!

View solution in original post

Message 2 of 6
680 Views
v-tsaipranay
Community Support
Community Support

‎05-14-2025 08:54 PM

Hi @ptmk ,

Thank you for reaching out to the Microsoft fabric community forum. Also thank you @rohit1991  for your inputs.

 

Currently, Power BI does not support native integration with Azure Key Vault for managing credentials of on-premises data sources via the On-premises Data Gateway. This means that credentials such as SQL Server usernames and passwords must be manually entered and securely stored within the gateway configuration.

Azure Key Vault integration in Power BI is primarily utilized for:

  • Bring Your Own Key (BYOK) scenarios, allowing organizations to manage encryption keys for data at rest in Power BI Premium capacities.
  • Semantic models, where Azure Key Vault references can be used to manage encryption keys.

For more information on BYOK, please refer to the official documentation: Bring your own encryption keys for Power BI

While direct integration is not available, organizations seeking to enhance credential management may consider implementing custom solutions. This can involve using Power BI REST APIs or PowerShell scripts to programmatically update gateway credentials in synchronization with Azure Key Vault. However, such approaches require careful planning and custom development.

 

Hope this helps. Please reach out for further assistance.

If this post helps, then please consider to Accept as the solution to help the other members find it more quickly and a kudos would be appreciated.

 

Thank you.

View solution in original post

Message 3 of 6
636 Views
0
5 REPLIES 5
v-tsaipranay
Community Support
Community Support

‎05-25-2025 10:08 PM

Hi @PowerTab ,

 

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

 

Thank you.

Message 6 of 6
530 Views
0
v-tsaipranay
Community Support
Community Support

‎05-22-2025 06:21 PM

Hi @ptmk ,

 

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

 

Thank you.

Message 5 of 6
553 Views
0
v-tsaipranay
Community Support
Community Support

‎05-14-2025 08:54 PM

Hi @ptmk ,

Thank you for reaching out to the Microsoft fabric community forum. Also thank you @rohit1991  for your inputs.

 

Currently, Power BI does not support native integration with Azure Key Vault for managing credentials of on-premises data sources via the On-premises Data Gateway. This means that credentials such as SQL Server usernames and passwords must be manually entered and securely stored within the gateway configuration.

Azure Key Vault integration in Power BI is primarily utilized for:

  • Bring Your Own Key (BYOK) scenarios, allowing organizations to manage encryption keys for data at rest in Power BI Premium capacities.
  • Semantic models, where Azure Key Vault references can be used to manage encryption keys.

For more information on BYOK, please refer to the official documentation: Bring your own encryption keys for Power BI

While direct integration is not available, organizations seeking to enhance credential management may consider implementing custom solutions. This can involve using Power BI REST APIs or PowerShell scripts to programmatically update gateway credentials in synchronization with Azure Key Vault. However, such approaches require careful planning and custom development.

 

Hope this helps. Please reach out for further assistance.

If this post helps, then please consider to Accept as the solution to help the other members find it more quickly and a kudos would be appreciated.

 

Thank you.

Message 3 of 6
637 Views
0
v-tsaipranay
Community Support
Community Support
In response to v-tsaipranay

‎05-18-2025 09:13 PM

Hi @ptmk ,

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.


Thank you.

Message 4 of 6
598 Views
0
rohit1991
Super User
Super User

‎05-13-2025 10:35 AM

Hi @ptmk ,

Azure Key Vault integration in Power BI—specifically for managing credentials like SQL Server usernames and passwords—is not supported directly for on-premises data sources via the on-prem data gateway. As you've rightly pointed out, Azure Key Vault references are primarily used for Analysis Services and semantic models, particularly in scenarios involving Bring Your Own Key (BYOK) for data encryption at rest. While there are evolving capabilities around enhanced data protection and custom connectors (as mentioned by Guy in a Cube), native support for using Azure Key Vault secrets in gateway-managed data source connections is not available at this time.

 

As a workaround, any credential used for on-prem SQL connections through the gateway needs to be manually entered and securely stored within the gateway configuration. If you're aiming to improve credential management or rotate secrets securely, you might consider using PowerShell scripts or APIs to update gateway credentials programmatically in sync with your Key Vault, although this requires custom implementation.

 


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 2 of 6
681 Views

Helpful resources

Announcements
October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All