YOOOO! Perfect timing, just started developing out Notebooks to ETL Lakehouse data from external sources and wasn't comfortable with the creds in plain text. I'm happily surprised this is so simple, thanks Patrick!
Thanks for this video! Very helpful. Do you have best practices for doing this in Power Query, for example a client secret and client id without being saved as plain text in the M-query code….?
Q: How I understood - key wault is publicly available unless there is a privet network set up between Key wault and Workspace. Is that a best practices or just something good to have? And i was not able to figure our what kind of permissions/role is needed in client tenant to do that.
Having built many ETL processes in ADF, it integrates quite well with the vaults, there does appear to be a few limitations with API but thats usually not Azures fault but I am sure the could fix it. What the must fix is the way you need to declare "Content-Type: application/json", it must be a variable/parameter, can't just type it.
Note that you CAN print out the secret by looping over the characters, so never trust it to stay secret just because it shows "[REDACTED]" when printed directly.
Pretty horrible. They need to make their own KeyVault in Fabric and better integration like they have in standard ADF. It kinda messes with the whole, you just need 1 platform architecture marketing.
YOOOO! Perfect timing, just started developing out Notebooks to ETL Lakehouse data from external sources and wasn't comfortable with the creds in plain text. I'm happily surprised this is so simple, thanks Patrick!
Thanks for this video! Very helpful. Do you have best practices for doing this in Power Query, for example a client secret and client id without being saved as plain text in the M-query code….?
Good One.Further relevant access should be grant in Access Control (IAM).
It would have been good to have a quick explanation of workspace identities - without which, none of this works.
Q: How I understood - key wault is publicly available unless there is a privet network set up between Key wault and Workspace. Is that a best practices or just something good to have? And i was not able to figure our what kind of permissions/role is needed in client tenant to do that.
Waiting for when Power BI will be able to access KV! Storing creentials for API sources in Power query will be easier then.
I hope the integration with workspace identities comes soon. It would be way cleaner
Having built many ETL processes in ADF, it integrates quite well with the vaults, there does appear to be a few limitations with API but thats usually not Azures fault but I am sure the could fix it. What the must fix is the way you need to declare "Content-Type: application/json", it must be a variable/parameter, can't just type it.
Waiting for more integration with Key Vault! Would love to see it at least with Pipelines!
You can with web task. There are a few tutorials available. I've used it successfully.
I love this
How about using keyvault secrets in fabric connections ?
Note that you CAN print out the secret by looping over the characters, so never trust it to stay secret just because it shows "[REDACTED]" when printed directly.
The only Azure resource you cannot have customer managed keys. Sigh.
Pretty horrible.
They need to make their own KeyVault in Fabric and better integration like they have in standard ADF.
It kinda messes with the whole, you just need 1 platform architecture marketing.