0

How to get the KeyVault name in the notebook from the keyvault link in Synapse?

I need the KeyVault name to pass to the TokenLibrary.

TokenLibrary.getSecret(keyVaultName,"MyConnectionString", "AzureKeyVaultLink")

Xavier John

3 Answers

2

I found a solution to get the secret without the key vault name. There is an API called

TokenLibrary.getSecretWithLS("AzureKeyVaultLink", "MyConnectionString")

which will get the secret from the KV.

Xavier John
1

Please make sure to enable managed service identity, add the Key Vault secrets, and add the linked service to Azure Synapse.

Go to Azure Key Vault; in my case, keyvam is the Key Vault name.

Syntax:

connection_string = TokenLibrary.getSecret("mykeyvault", "ConnectionString")

You can use a linked service, as shown in the reference below.

connection_string = TokenLibrary.getSecret("mykeyvault", "ConnectionString", "AzureKeyVaultLinkedServiceName")

Sample example:

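import sys
from pyspark.sql import SparkSession

# Reuse the notebook's Spark session to reach the JVM-side TokenLibrary
sc = SparkSession.builder.getOrCreate()
token_library = sc._jvm.com.microsoft.azure.synapse.tokenlibrary.TokenLibrary
# 'keyvam' is the Key Vault name, 'vamsi' is the secret name
connection_string = token_library.getSecret('keyvam','vamsi')
print(connection_string)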

Reference:

https://learn.microsoft.com/en-us/answers/questions/445496/access-secret-from-vault-using-synapse-pyspark-not.html

https://learn.microsoft.com/en-us/azure/synapse-analytics/spark/apache-spark-secure-credentials-with-tokenlibrary?pivots=programming-language-python&WT.mc_id=data-34417-abhishgu#getsecret

https://dzone.com/articles/securely-access-azure-sql-database-from-azure-syna

B. B. Naga Sai Vamsi
  • I don't have a problem accessing the keyvault. I want to programmatically get the keyvault name so that I can pass it to getSecret. – Xavier John May 09 '22 at 22:54
  • Hi @XavierJohn, there is no proper way to get the key vault name programmatically. If you are using Azure CLI you will get the key vault name, but that's a different process. Following the above reference, you can pass it to getSecret. – B. B. Naga Sai Vamsi May 10 '22 at 07:27
  • The problem is the name of the key vault is different in each environment, so I am currently passing it as a parameter to the pipeline. – Xavier John May 12 '22 at 02:04
0

The code below can be used to get the Key Vault URL associated with the linked service.

import sys
from pyspark.sql import SparkSession

my_linked_service_name = "LS_Keyvault"
spark_session = SparkSession.builder.getOrCreate()
token_library = spark_session._jvm.com.microsoft.azure.synapse.tokenlibrary.TokenLibrary
# Read the linked service definition and take its "url" property
keyvaultUrl = token_library.getFullConnectionStringAsMap(my_linked_service_name).get("url")
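
Turning the URL returned by the snippet above into the vault name that `getSecret` expects, as an added example that is not part of the original answer. The helper name `vault_name_from_url` and the list of accepted DNS suffixes are assumptions, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: DNS suffixes of the Key Vault endpoints you deploy to
# (public, China and US Government clouds). Trim to what you actually use.
VAULT_SUFFIXES = (".vault.azure.net", ".vault.azure.cn", ".vault.usgovcloudapi.net")

# Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
_NAME_RE = re.compile(r"^[a-z](?!.*--)[a-z0-9-]{1,22}[a-z0-9]$")


def vault_name_from_url(url):
    """Return the vault name from a Key Vault base URL, or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("Key Vault URL must use https")
    # .port itself raises ValueError on a malformed port
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("unexpected userinfo or port in Key Vault URL")
    host = (parts.hostname or "").lower()
    for suffix in VAULT_SUFFIXES:
        if host.endswith(suffix):
            name = host[: -len(suffix)]
            if _NAME_RE.match(name):
                return name
            raise ValueError("invalid vault name: %r" % name)
    raise ValueError("not a Key Vault host: %r" % host)


# In a Synapse notebook the URL would come from the linked service, e.g.:
#   url = token_library.getFullConnectionStringAsMap("LS_Keyvault").get("url")
#   secret = token_library.getSecret(vault_name_from_url(url), "MyConnectionString")
if __name__ == "__main__":
    # Constructed sample URLs so the helper can be exercised offline
    for sample in ("https://keyvam.vault.azure.net/",
                   "http://keyvam.vault.azure.net/",
                   "https://keyvam.vault.azure.net.example.com/"):
        try:
            print(sample, "->", vault_name_from_url(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Rejecting anything that is not an https Key Vault host keeps a misconfigured linked service from silently pointing `getSecret` at the wrong vault in a given environment.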