Hope you are doing well.
Is there a command in the Spark Utilities to see all secrets in an Azure Key Vault run in an Azure Synapse Spark Notebook?
You may checkout my answer on MS Q&A platform on how to use Access Secret from vault using Synapse pyspark notebook.
Appreciate if you could share the feedback on our Azure Synapse feedback channel. Which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.
CodePudding user response:
You can call Azure Key Vault (AKV) via its REST API and the GetSecret methods, which returns a list of secrets in their full URL form. You could use a Web activity in Synapse pipelines to call this. Example settings:
Setting | Value | Notes |
---|---|---|
URL | {vaultBaseUrl}/secrets?api-version=7.2 | See below for sample URL |
Method | GET | |
Authentication | Managed Identity | |
Resource | https://vault.azure.net |
Sample Key Vault URL
https://yourKeyVault-akv.vault.azure.net/secrets?api-version=7.2
Sample results:
{
"value": [
{
"id": " https://yourKeyVault-akv.vault.azure.net/secrets/somepassword ",
"attributes": {
"enabled": true,
"created": 1635948403,
"updated": 1635948403,
"recoveryLevel": "Recoverable Purgeable",
"recoverableDays": 90
},
"tags": {}
},
{
"id": " https://yourKeyVault-akv.vault.azure.net/secrets/someusername ",
"attributes": {
"enabled": true,
"created": 1635949171,
"updated": 1635949171,
"recoveryLevel": "Recoverable Purgeable",
"recoverableDays": 90
},
"tags": {}
}
],
You are able to loop through the values with a For Each activity, eg the Items
value would be:
@activity('Web Get AKV Secrets').output.value
Refer to the individual secret inside the For Each activity like this:
@item.id
Get the actual secret name by using split
and last
functions, eg
@last(split(item().id, '/'))
You could then pass the individual secret name or the collection into a Synapse notebook as a parameter.