Store credentials in Azure Key Vault - Azure Data Factory (2024)

Table of Contents
In this article Prerequisites Steps Azure Key Vault linked service Reference secret stored in key vault Related content
  • Article

APPLIES TO: Store credentials in Azure Key Vault - Azure Data Factory (1)Azure Data Factory Store credentials in Azure Key Vault - Azure Data Factory (2)Azure Synapse Analytics

Tip

Try out Data Factory in Microsoft Fabric, an all-in-one analytics solution for enterprises. Microsoft Fabric covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to start a new trial for free!

See Also
Azure Key Vault security overviewWhat is the difference between a key and a secret in Azure Key Vault? - Microsoft Q&AKey Vault | Microsoft AzureAzure Quickstart - Set and retrieve a key from Key Vault using Azure portal

You can store credentials for data stores and computes in an Azure Key Vault. Azure Data Factory retrieves the credentials when executing an activity that uses the data store/compute.

Currently, all activity types except custom activity support this feature. For connector configuration specifically, check the "linked service properties" section in each connector topic for details.

Prerequisites

This feature relies on the data factory managed identity. Learn how it works from Managed identity for Data factory and make sure your data factory have an associated one.

Steps

To reference a credential stored in Azure Key Vault, you need to:

  1. Retrieve data factory managed identity by copying the value of "Managed Identity Object ID" generated along with your factory. If you use ADF authoring UI, the managed identity object ID will be shown on the Azure Key Vault linked service creation window; you can also retrieve it from Azure portal, refer to Retrieve data factory managed identity.
  2. Grant the managed identity access to your Azure Key Vault. In your key vault -> Access policies -> Add Access Policy, search this managed identity to grant Get and List permissions in the Secret permissions dropdown. It allows this designated factory to access secret in key vault.
  3. Create a linked service pointing to your Azure Key Vault. Refer to Azure Key Vault linked service.
  4. Create the data store linked service. In its configuration, reference the corresponding secret stored in Azure Key Vault. Refer to Reference a secret stored in Azure Key Vault.

Azure Key Vault linked service

The following properties are supported for Azure Key Vault linked service:

PropertyDescriptionRequired
typeThe type property must be set to: AzureKeyVault.Yes
baseUrlSpecify the Azure Key Vault URL.Yes

Using authoring UI:

See Also
Azure encryption overview

Select Connections -> Linked Services -> New. In New linked service, search for and select "Azure Key Vault":

Store credentials in Azure Key Vault - Azure Data Factory (3)

Select the provisioned Azure Key Vault where your credentials are stored. You can do Test Connection to make sure your AKV connection is valid.

Store credentials in Azure Key Vault - Azure Data Factory (4)

JSON example:

{ "name": "AzureKeyVaultLinkedService", "properties": { "type": "AzureKeyVault", "typeProperties": { "baseUrl": "https://<azureKeyVaultName>.vault.azure.net" } }}

Reference secret stored in key vault

The following properties are supported when you configure a field in linked service referencing a key vault secret:

PropertyDescriptionRequired
typeThe type property of the field must be set to: AzureKeyVaultSecret.Yes
secretNameThe name of secret in Azure Key Vault.Yes
secretVersionThe version of secret in Azure Key Vault.
If not specified, it always uses the latest version of the secret.
If specified, then it sticks to the given version.		No
storeRefers to an Azure Key Vault linked service that you use to store the credential.Yes

Using authoring UI:

Select Azure Key Vault for secret fields while creating the connection to your data store/compute. Select the provisioned Azure Key Vault Linked Service and provide the Secret name. You can optionally provide a secret version as well.

Tip

For connectors using connection string in linked service like SQL Server, Blob storage, etc., you can choose either to store only the secret field e.g. password in AKV, or to store the entire connection string in AKV. You can find both options on the UI.

Store credentials in Azure Key Vault - Azure Data Factory (5)

JSON example: (see the "password" section)

{ "name": "DynamicsLinkedService", "properties": { "type": "Dynamics", "typeProperties": { "deploymentType": "<>", "organizationName": "<>", "authenticationType": "<>", "username": "<>", "password": { "type": "AzureKeyVaultSecret", "secretName": "<secret name in AKV>", "store":{ "referenceName": "<Azure Key Vault linked service>", "type": "LinkedServiceReference" } } } }}

Related content

For a list of data stores supported as sources and sinks by the copy activity in Azure Data Factory, see supported data stores.

Store credentials in Azure Key Vault - Azure Data Factory (2024)
Top Articles
Market Chameleon Review | Is It Reliable for Finding Stock and Options Trading? - The European Financial Review
View CPU activity in Activity Monitor on Mac
Northern Counties Soccer Association Nj
Where are the Best Boxing Gyms in the UK? - JD Sports
Hotels Near 625 Smith Avenue Nashville Tn 37203
Forozdz
Hotels
Breaded Mushrooms
Stadium Seats Near Me
Nyuonsite
Kostenlose Games: Die besten Free to play Spiele 2024 - Update mit einem legendären Shooter
104 Presidential Ct Lafayette La 70503
Vichatter Gifs
What Is A Good Estimate For 380 Of 60
Hartford Healthcare Employee Tools
Guilford County | NCpedia
7543460065
Ostateillustrated Com Message Boards
60 X 60 Christmas Tablecloths
Diamond Piers Menards
Average Salary in Philippines in 2024 - Timeular
Free Online Games on CrazyGames | Play Now!
Accident On May River Road Today
Zack Fairhurst Snapchat
Craigslist List Albuquerque: Your Ultimate Guide to Buying, Selling, and Finding Everything - First Republic Craigslist
Lola Bunny R34 Gif
The Blind Showtimes Near Amc Merchants Crossing 16
Rufus Benton "Bent" Moulds Jr. Obituary 2024 - Webb & Stephens Funeral Homes
Jc Green Obits
Minnick Funeral Home West Point Nebraska
Two Babies One Fox Full Comic Pdf
Horn Rank
Malluvilla In Malayalam Movies Download
Farm Equipment Innovations
100 Million Naira In Dollars
Bi State Schedule
Ridge Culver Wegmans Pharmacy
Average weekly earnings in Great Britain
Panchang 2022 Usa
Flixtor Nu Not Working
What Is Xfinity and How Is It Different from Comcast?
Bus Dublin : guide complet, tarifs et infos pratiques en 2024 !
Breckie Hill Fapello
Diana Lolalytics
Daily Journal Obituary Kankakee
Pensacola 311 Citizen Support | City of Pensacola, Florida Official Website
Rage Of Harrogath Bugged
2017 Ford F550 Rear Axle Nut Torque Spec
60 Days From August 16
CPM Homework Help
Bob Wright Yukon Accident
Qvc Com Blogs
Latest Posts
What is Medical Coding?
Convert $600 per day to Yearly salary | Talent.com
Article information

Author: Otha Schamberger

Last Updated:

Views: 5650

Rating: 4.4 / 5 (75 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Otha Schamberger

Birthday: 1999-08-15

Address: Suite 490 606 Hammes Ferry, Carterhaven, IL 62290

Phone: +8557035444877

Job: Forward IT Agent

Hobby: Fishing, Flying, Jewelry making, Digital arts, Sand art, Parkour, tabletop games

Introduction: My name is Otha Schamberger, I am a vast, good, healthy, cheerful, energetic, gorgeous, magnificent person who loves writing and wants to share my knowledge and understanding with you.