Azure Key Vault is a service offered by Microsoft Azure to securely store credentials, keys, API keys, passwords, etc. with encryption. Credentials and keys stored in Azure Key Vault can be used for authentication across multiple Azure services. The Key Vault service supports two types of containers: vaults and managed hardware security module (HSM) pools.
Features of Key Vault
- TLS/SSL certificates can be stored, and certificate tasks can be automated and simplified.
- No application has direct access to the keys.
- Less time is required to generate and import keys.
- More security and control over stored credentials.
- It provides backup and recovery options to recover deleted keys.
- Access control can be applied to Key Vault data.
Steps to generate a secret in Key Vault and use it in ADF
- Go to the Azure portal and open Key Vault.
- Click Create key vault if you have not created one yet; otherwise open the existing key vault.
- Under Settings, click Secrets and then Generate to create a secret. Here I am generating a secret to store my storage account key, which can later be used in Data Factory to create a linked service for the storage account.
- Enter the secret name and its value, then click Create.
- Under Secrets we should now see the newly created secret.
- Open Data Factory, go to the Manage section to create a new linked service, and click New.
- Select Azure Data Lake Storage Gen2, since we used its key to create the secret in Key Vault.
- Select Account key as the authentication type and set the account selection method to manual. Then select Azure Key Vault.
- Under AKV linked service, click New to create a linked service for Azure Key Vault.
- Go to Access policies under the key vault and add a role assignment for the data factory. We can also use IAM instead of Key Vault access policies.
- Select the secret name and version, then test the connection.
- The ADF linked service is now created, and we can read data in Data Factory using this linked service.
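The two linked services the steps above create through the portal, written out as an added ARM template (this is example code, not from the original post). The linked service names AzureKeyVault_LS and AzureDataLakeStorageGen2_LS and the default secret name adls-account-key are placeholders chosen here; the factory, vault and storage account names are supplied as parameters. The point to notice is that accountKey is an AzureKeyVaultSecret reference, so the storage key itself never appears in the factory definition.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "factoryName":    { "type": "string" },
    "keyVaultName":   { "type": "string" },
    "storageAccount": { "type": "string" },
    "secretName":     { "type": "string", "defaultValue": "adls-account-key" }
  },
  "resources": [
    {
      "type": "Microsoft.DataFactory/factories/linkedservices",
      "apiVersion": "2018-06-01",
      "name": "[concat(parameters('factoryName'), '/AzureKeyVault_LS')]",
      "properties": {
        "type": "AzureKeyVault",
        "typeProperties": {
          "baseUrl": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/')]"
        }
      }
    },
    {
      "type": "Microsoft.DataFactory/factories/linkedservices",
      "apiVersion": "2018-06-01",
      "name": "[concat(parameters('factoryName'), '/AzureDataLakeStorageGen2_LS')]",
      "dependsOn": [
        "[resourceId('Microsoft.DataFactory/factories/linkedservices', parameters('factoryName'), 'AzureKeyVault_LS')]"
      ],
      "properties": {
        "type": "AzureBlobFS",
        "typeProperties": {
          "url": "[concat('https://', parameters('storageAccount'), '.dfs.core.windows.net')]",
          "accountKey": {
            "type": "AzureKeyVaultSecret",
            "store": {
              "referenceName": "AzureKeyVault_LS",
              "type": "LinkedServiceReference"
            },
            "secretName": "[parameters('secretName')]"
          }
        }
      }
    }
  ]
}
```

The factory's identity still needs permission to read secrets in the vault (the access policy step above) before the connection test succeeds.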
Aniket Ghodinde
Trainee – Data Engineering
Addend Analytics