Azure Synapse Spark pool command to list all secrets in Key Vault

Time:12-17

Hope you are doing well.

Is there a command in the Spark Utilities to see all secrets in an Azure Key Vault run in an Azure Synapse Spark Notebook?


You may check out my answer on the MS Q&A platform on how to access a secret from the vault using a Synapse PySpark notebook.

Appreciate if you could share the feedback on our Azure Synapse feedback channel, which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.

CodePudding user response:

You can call Azure Key Vault (AKV) via its REST API and the GetSecret methods, which return a list of secrets in their full URL form. You could use a Web activity in Synapse pipelines to call this. Example settings:

| Setting | Value | Notes |
|---|---|---|
| URL | {vaultBaseUrl}/secrets?api-version=7.2 | See below for sample URL |
| Method | GET | |
| Authentication | Managed Identity | |
| Resource | https://vault.azure.net | |

Sample Key Vault URL

https://yourKeyVault-akv.vault.azure.net/secrets?api-version=7.2

Sample results:

{
    "value": [
        {
            "id": "https://yourKeyVault-akv.vault.azure.net/secrets/somepassword",
            "attributes": {
                "enabled": true,
                "created": 1635948403,
                "updated": 1635948403,
                "recoveryLevel": "Recoverable+Purgeable",
                "recoverableDays": 90
            },
            "tags": {}
        },
        {
            "id": "https://yourKeyVault-akv.vault.azure.net/secrets/someusername",
            "attributes": {
                "enabled": true,
                "created": 1635949171,
                "updated": 1635949171,
                "recoveryLevel": "Recoverable+Purgeable",
                "recoverableDays": 90
            },
            "tags": {}
        }
    ]
}

You are able to loop through the values with a For Each activity, e.g. the Items value would be:

@activity('Web Get AKV Secrets').output.value

Refer to the individual secret inside the For Each activity like this:

@item().id

Get the actual secret name by using the split and last functions, e.g.

@last(split(item().id, '/'))

You could then pass the individual secret name or the collection into a Synapse notebook as a parameter.
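The same listing handled in Python, as an added example that is not part of either answer above: it extracts secret names from the list response, skips disabled secrets, and follows the `nextLink` field that Key Vault list responses use for paging, refusing any link that points outside the vault so the bearer token is never sent elsewhere. `fetch_page` is a hypothetical caller-supplied function that performs the authenticated GET, and the sample pages are constructed.

```python
from urllib.parse import urlparse

API_VERSION = "7.2"  # same api-version as the sample URL above

def secret_name(secret_id):
    """Name from an id such as https://<vault>/secrets/<name>[/<version>]."""
    parts = urlparse(secret_id.strip()).path.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "secrets" or not parts[1]:
        raise ValueError(f"not a secret id: {secret_id!r}")
    return parts[1]

def list_secret_names(vault_base_url, fetch_page, enabled_only=True):
    """Follow every page of the list response and return the secret names.

    fetch_page(url) -> dict is a hypothetical caller-supplied helper that does
    the authenticated GET and returns the parsed JSON body.
    """
    vault_host = urlparse(vault_base_url).netloc.lower()
    url = f"{vault_base_url.rstrip('/')}/secrets?api-version={API_VERSION}"
    names = []
    while url:
        target = urlparse(url)
        # The token must only go to the vault itself, not to a host named in a response.
        if target.scheme != "https" or target.netloc.lower() != vault_host:
            raise ValueError(f"refusing to follow link outside the vault: {url!r}")
        page = fetch_page(url)
        for item in page.get("value", []):
            if enabled_only and not item.get("attributes", {}).get("enabled", False):
                continue
            names.append(secret_name(item["id"]))
        url = page.get("nextLink")  # absent or null on the last page
    return names

# Constructed sample pages, shaped like the sample results above.
VAULT = "https://yourKeyVault-akv.vault.azure.net"
FIRST = f"{VAULT}/secrets?api-version=7.2"
SECOND = f"{FIRST}&$skiptoken=CONSTRUCTED"
PAGES = {
    FIRST: {"value": [{"id": f"{VAULT}/secrets/somepassword", "attributes": {"enabled": True}}],
            "nextLink": SECOND},
    SECOND: {"value": [{"id": f"{VAULT}/secrets/someusername", "attributes": {"enabled": True}},
                       {"id": f"{VAULT}/secrets/retired", "attributes": {"enabled": False}}],
             "nextLink": None},
}

if __name__ == "__main__":
    print(list_secret_names(VAULT, PAGES.__getitem__))
```

Only names are returned here; the list response carries identifiers and attributes, not secret values.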
