Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
EduardD
Advocate II
Advocate II

Fabric notebook access to sharepoint auth

‎08-05-2025 06:14 PM

Hi there, I want to use Fabric notebook to 1) download multiple documents (not Excel or CSV) from sharepoint 2) process them together 3) post result back to the sharepoint online folder. 
I will use Python (not Spark) FAbric notebook for that. 

My code works when I use my Entra ID account, I want to switch to Service principle as the code will be used for automation. 
Question: what is secure way to store client secret? 
- Can I store it (encrypted) in noterbook/workspace Parameter ? how does it work?
- Can the Fabric notebook read the secret from keyvault? 
- if I use Spark notebook, will I be able to store my secret secure there?
any other ideas?

Thank you in advance. 

Thank you

Labels:
Message 1 of 6
439 Views
0
2 ACCEPTED SOLUTIONS
Mvsainathareddy
Advocate II
Advocate II

‎08-05-2025 11:11 PM

Hi @EduardD 

Can Fabric notebooks read the secret directly from Azure Key Vault?

Yes try like below and its works for you
Fabric Notebooks have built-in integration with Azure Key Vault. Store all sensitive secrets in Key Vault, assign your service principal the least-privileged access, and read secrets at runtime using the built-in mssparkutils.credentials.getSecret function (or notebookutils.credentials.getSecret depending on your Fabric version).

Example (Python code snippet):

python
secret = mssparkutils.credentials.getSecret("https://<your-key-vault-name>.vault.azure.net/", "your-secret-name")
This method ensures secrets never appear in code or logs, can be centrally rotated, and are auditable.

Prerequisite: Your service principal (or whoever runs the notebook) must have the correct Key Vault read permissions (using RBAC).

2.If you use a Spark notebook, can you securely store/read secrets there?

The same mechanisms to access Azure Key Vault (as above) apply to Spark notebooks in Fabric. Use mssparkutils.credentials.getSecret or its Spark equivalent to fetch secrets securely.

No secrets need to be committed in code or stored in Spark configs.

If this helped, please consider giving kudos and mark as a solution

 

View solution in original post

Message 2 of 6
386 Views
Nasif_Azam
Super User
Super User

‎08-06-2025 12:51 AM

Hey @EduardD,

You can try the following best options within Microsoft Fabric:

 

1. Use Azure Key Vault: Yes, Fabric Notebooks (Python or Spark) can securely read secrets from Azure Key Vault. This is the most secure and scalable way to manage secrets. Steps:

  • Create a linked service to Azure Key Vault in your Fabric workspace.

  • Assign the correct Key Vault access policy to your service principal.

  • Use mssparkutils.credentials.getSecret("linkedServiceName", "secretName") in your notebook to retrieve the secret.

Works with both Python and Spark notebooks.

 

2. Workspace Parameters (Not for Secrets): Fabric workspace parameters are useful for reusable values, but not recommended for storing secrets, even if encrypted. They are visible to users with access to the workspace.

Avoid using this for client secrets in production automation.

 

3. Environment Variables (Limited in Fabric): You can define environment variables inside the notebook session, but they don’t persist securely and aren’t ideal for secrets unless controlled by a secure external system.

 

4. Spark Notebooks - Secret Storage: If you switch to a Spark notebook, secret handling via Key Vault remains the best option. The mssparkutils utility works in both Spark and non-Spark notebooks.

 

For Detailed Information:

Use Azure Key Vault with Microsoft Fabric Notebooks

Best Practices for Managing Secrets in Azure Key Vault

Configure Linked Services in Microsoft Fabric

If you found this solution helpful, please consider accepting it and giving it a kudos (Like) it’s greatly appreciated and helps others find the solution more easily.


Best Regards,
Nasif Azam

View solution in original post

Message 3 of 6
370 Views
5 REPLIES 5
v-hjannapu
Community Support
Community Support

‎08-06-2025 09:42 PM

Hi @EduardD,

I would also take a moment to thank @Nasif_Azam , @Mvsainathareddy for actively participating in the community forum and for the solutions you’ve been sharing in the community forum. Your contributions make a real difference.

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions.

Best Regards,
Harshitha.

Message 4 of 6
323 Views
0
v-hjannapu
Community Support
Community Support
In response to v-hjannapu

‎08-10-2025 08:43 AM

Hi @EduardD,
I hope the above details help you fix the issue. If you still have any questions or need more help, feel free to reach out. We are always here to support you.


Regards,
Harshitha.


Message 5 of 6
253 Views
0
v-hjannapu
Community Support
Community Support
In response to v-hjannapu

‎08-13-2025 04:52 AM

Hi @EduardD,

I wanted to follow up and see if you have had a chance to review the information that was shared. If you have any additional questions or need further clarification, please don’t hesitate to reach out. I am here to assist with any concerns you might have.

Regards,
Harshitha.

Message 6 of 6
178 Views
0
Nasif_Azam
Super User
Super User

‎08-06-2025 12:51 AM

Hey @EduardD,

You can try the following best options within Microsoft Fabric:

 

1. Use Azure Key Vault: Yes, Fabric Notebooks (Python or Spark) can securely read secrets from Azure Key Vault. This is the most secure and scalable way to manage secrets. Steps:

  • Create a linked service to Azure Key Vault in your Fabric workspace.

  • Assign the correct Key Vault access policy to your service principal.

  • Use mssparkutils.credentials.getSecret("linkedServiceName", "secretName") in your notebook to retrieve the secret.

Works with both Python and Spark notebooks.

 

2. Workspace Parameters (Not for Secrets): Fabric workspace parameters are useful for reusable values, but not recommended for storing secrets, even if encrypted. They are visible to users with access to the workspace.

Avoid using this for client secrets in production automation.

 

3. Environment Variables (Limited in Fabric): You can define environment variables inside the notebook session, but they don’t persist securely and aren’t ideal for secrets unless controlled by a secure external system.

 

4. Spark Notebooks - Secret Storage: If you switch to a Spark notebook, secret handling via Key Vault remains the best option. The mssparkutils utility works in both Spark and non-Spark notebooks.

 

For Detailed Information:

Use Azure Key Vault with Microsoft Fabric Notebooks

Best Practices for Managing Secrets in Azure Key Vault

Configure Linked Services in Microsoft Fabric

If you found this solution helpful, please consider accepting it and giving it a kudos (Like) it’s greatly appreciated and helps others find the solution more easily.


Best Regards,
Nasif Azam

Message 3 of 6
371 Views
Mvsainathareddy
Advocate II
Advocate II

‎08-05-2025 11:11 PM

Hi @EduardD 

Can Fabric notebooks read the secret directly from Azure Key Vault?

Yes try like below and its works for you
Fabric Notebooks have built-in integration with Azure Key Vault. Store all sensitive secrets in Key Vault, assign your service principal the least-privileged access, and read secrets at runtime using the built-in mssparkutils.credentials.getSecret function (or notebookutils.credentials.getSecret depending on your Fabric version).

Example (Python code snippet):

python
secret = mssparkutils.credentials.getSecret("https://<your-key-vault-name>.vault.azure.net/", "your-secret-name")
This method ensures secrets never appear in code or logs, can be centrally rotated, and are auditable.

Prerequisite: Your service principal (or whoever runs the notebook) must have the correct Key Vault read permissions (using RBAC).

2.If you use a Spark notebook, can you securely store/read secrets there?

The same mechanisms to access Azure Key Vault (as above) apply to Spark notebooks in Fabric. Use mssparkutils.credentials.getSecret or its Spark equivalent to fetch secrets securely.

No secrets need to be committed in code or stored in Spark configs.

If this helped, please consider giving kudos and mark as a solution

 

Message 2 of 6
387 Views

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All