Azure Key Vault and its integration into ADF

Azure Key Vault is a service offered by Microsoft Azure to securely store credentials, keys, API keys, passwords, etc. with encryption. Credentials and keys stored in Azure Key Vault can be used for authentication across multiple Azure services. The Key Vault service supports two types of containers: vaults and managed hardware security module (HSM) pools.

Features of Key Vault

  • TLS/SSL certificates can be stored, and tasks can be automated and simplified.
  • No application has direct access to keys.
  • Less time is required for generating and importing keys.
  • More security and control over stored credentials.
  • It provides backup and recovery options to recover deleted keys.
  • Access control can be applied to Key Vault data.

Steps to generate a secret in Key Vault and use it in ADF

  1. Go to the Azure portal and click on Key Vault.
  2. Click on Create key vault if one has not been created; otherwise click on the existing key vault.
  3. Click on Secrets under Settings and then click on Generate to create a secret. Here I am generating a secret in order to store my storage account key, which can later be used in Data Factory to create a linked service for the storage account.
  4. Enter your secret name and its value and then click on Create.
  5. Under Secrets we will see that the new secret has been created.
  6. Open Data Factory and go to the Manage section to create a new linked service, then click on New.
  7. Select Azure Data Lake Storage Gen2, as we have used its key to create the secret in Key Vault.
  8. Select account key authentication and set the account selection method to manual. Then select Azure Key Vault.
  9. Under AKV linked service, click on New to create a linked service for Azure Key Vault.
  10. Go to access policies under the key vault and add a role assignment for the data factory. We can also use IAM instead of key vault access control.
  11. Select the secret name and version and test the connection.
  12. Now the ADF linked service is created, and we can get the data in Data Factory using this linked service.
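
To check that linked services built this way really resolve their account key through Key Vault, the following added example (not code from the original post) audits exported linked service definitions for inline secrets. It assumes the JSON shape ADF uses for linked services (`AzureBlobFS` for Data Lake Storage Gen2, `AzureKeyVaultSecret` and `SecureString` for secret fields); all names, URLs and values in the sample are constructed.

```python
import json

# Constructed sample definitions in the ADF linked service JSON shape.
# Names, URLs and the key value are placeholders, not values from the post.
SAMPLE = json.loads("""
[
  {"name": "ls_keyvault", "properties": {"type": "AzureKeyVault",
     "typeProperties": {"baseUrl": "https://example-kv.vault.azure.net/"}}},
  {"name": "ls_adls_akv", "properties": {"type": "AzureBlobFS", "typeProperties": {
     "url": "https://examplestore.dfs.core.windows.net",
     "accountKey": {"type": "AzureKeyVaultSecret", "secretName": "storage-account-key",
                    "store": {"referenceName": "ls_keyvault",
                              "type": "LinkedServiceReference"}}}}},
  {"name": "ls_adls_inline", "properties": {"type": "AzureBlobFS", "typeProperties": {
     "url": "https://examplestore.dfs.core.windows.net",
     "accountKey": {"type": "SecureString", "value": "PLACEHOLDER"}}}}
]
""")

def find_secret_fields(node, path=""):
    """Yield (path, dict) for every nested object typed as a secret."""
    if isinstance(node, dict):
        if node.get("type") in ("SecureString", "AzureKeyVaultSecret"):
            yield path, node
        else:
            for key, value in node.items():
                yield from find_secret_fields(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_secret_fields(item, f"{path}[{i}]")

def audit(linked_services):
    """Return findings for secrets not resolved through a Key Vault linked service."""
    vaults = {ls["name"] for ls in linked_services
              if ls["properties"]["type"] == "AzureKeyVault"}
    findings = []
    for ls in linked_services:
        props = ls["properties"].get("typeProperties", {})
        for path, secret in find_secret_fields(props):
            if secret["type"] == "SecureString":
                findings.append((ls["name"], path, "inline secret, not in Key Vault"))
            elif secret.get("store", {}).get("referenceName") not in vaults:
                findings.append((ls["name"], path, "references unknown Key Vault linked service"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the sample, only `ls_adls_inline` is reported, because its account key is stored in the definition itself instead of being referenced from the vault.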

Aniket Ghodinde 
Trainee – Data Engineering
Addend Analytics 
