How to Access Azure Data Factory if we disable public access for keyvault

Time: 02-01

So how can we fetch the secrets or keys for Azure Data Factory, Logic Apps, Azure Synapse and Azure Databricks if we disable public access for Key Vault?

I found a solution for App Services and Function Apps by using outbound IP addresses, and I need a solution for accessing ADF, Synapse, Logic Apps and Databricks if we disable public access for Key Vault. I tried using a service principal and granting permissions, but it's not working.

Please help me with the solution.

CodePudding user response:

Even if you disable public access, you can still leave "Allow trusted Microsoft services to bypass this firewall" on, and so allow the MS services you mention to have access. You can also create a private endpoint, and so add the key vault to your private VNet.

All of this is related to networking - not being blocked by a firewall. You also need to grant permission to the service you use to access key vault, for example, with a service principal or managed identity.

CodePudding user response:

I tried to reproduce the same in my environment to access Azure Key Vault with a private endpoint:

I have created a VNet with the required configuration.

Subnet and address space

Azure Portal > Virtual networks > Create


Create a key vault with a private endpoint.

Azure Portal > Key vaults > Create a key vault

Note: under the Network section, uncheck public access.


Once the Key Vault is created, check the private endpoint provisioning status, like below.


If you try to access the Azure Key Vault from the public internet, you will get an unauthorized error, like below.


Azure Key Vault is accessible from the private network, like below.


For accessing Azure Data Factory using Azure Key Vault, assign a service principal.

Required Role: Key Vault Reader

A Key Vault access policy is assigned to the ADF managed identity.

Ex: hellotestdata


You can add Azure Key Vault as a linked service in Azure Data Factory. The managed identity of the ADF that has access to Key Vault can be used for connecting ADF to Azure Key Vault, like below.


Azure Key Vault is successfully linked to ADF.


Reference: Store credentials in Azure Key Vault
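The two answers above describe the same setup through the portal: public access off with the trusted-services bypass left on, a private endpoint into a VNet, and an access policy for the factory's managed identity. As an added example (not code from either answer), the Bicep template below applies that configuration in one deployment. Every resource name, address range and the `kv-example`/`adf-example` identifiers are placeholders; the private DNS zone name `privatelink.vaultcore.azure.net` is the zone Key Vault private endpoints use.

```bicep
// Added example, not from the original answers. Placeholder names and address
// ranges: replace kv-example, vnet-example, snet-private-endpoints, adf-example.
param location string = resourceGroup().location
param keyVaultName string = 'kv-example'
param vnetName string = 'vnet-example'
param subnetName string = 'snet-private-endpoints'
param dataFactoryName string = 'adf-example'

// VNet with one subnet that can host private endpoint NICs.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      {
        name: subnetName
        properties: {
          addressPrefix: '10.10.1.0/24'
          privateEndpointNetworkPolicies: 'Disabled'
        }
      }
    ]
  }
}

// Data Factory with a system-assigned managed identity (no client secret to rotate).
resource adf 'Microsoft.DataFactory/factories@2018-06-01' = {
  name: dataFactoryName
  location: location
  identity: { type: 'SystemAssigned' }
}

// Key Vault: public access off, trusted Microsoft services bypass the firewall,
// and an access policy that lets the factory's identity read secrets (get/list
// is what the Key Vault linked service needs; nothing more is granted).
resource kv 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: keyVaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    publicNetworkAccess: 'Disabled'
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
    }
    accessPolicies: [
      {
        tenantId: subscription().tenantId
        objectId: adf.identity.principalId
        permissions: { secrets: [ 'get', 'list' ] }
      }
    ]
  }
}

// Private endpoint for the vault's 'vault' sub-resource, placed in the subnet.
resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: '${keyVaultName}-pe'
  location: location
  properties: {
    subnet: { id: '${vnet.id}/subnets/${subnetName}' }
    privateLinkServiceConnections: [
      {
        name: '${keyVaultName}-plsc'
        properties: { privateLinkServiceId: kv.id, groupIds: [ 'vault' ] }
      }
    ]
  }
}

// Private DNS zone so <vault>.vault.azure.net resolves to the endpoint's private
// IP from inside the VNet; without it clients resolve the public IP, which the
// firewall now rejects.
resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.vaultcore.azure.net'
  location: 'global'
}

resource dnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: dnsZone
  name: '${vnetName}-link'
  location: 'global'
  properties: { registrationEnabled: false, virtualNetwork: { id: vnet.id } }
}

resource dnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: pe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [ { name: 'vaultcore', properties: { privateDnsZoneId: dnsZone.id } } ]
  }
}
```

Deploy it with `az deployment group create --resource-group <rg> --template-file <file>.bicep`, then create the Key Vault linked service in the factory using its managed identity, as the second answer shows. Two points worth checking after deployment: a client inside the VNet should resolve the vault name to the 10.10.1.0/24 address, and the factory's own calls arrive through the trusted-services bypass rather than the private endpoint unless the factory runs in a managed virtual network with its own managed private endpoint, so keep `bypass: 'AzureServices'` in place if you rely on that path.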
