Hi Alec, how are you?
This integration is possible, yes, however, there are some prerequisites.
I just wanted to list them to make sure everything was set up correctly.
- The Synapse or DataFactory resource must have permission to access the Key Vault. This can be done by accessing the Key Vault -> Access Policy -> Create. Then you should configure the necessary permission (suggestion to keep the settings as strict as possible). In the case of querying Secretes, only "Get" and "List" permissions are needed. The permission is associated with an identity, configured in Azure AD. Synapese or DataFactory has a menu called "Properties" and you can get the value of the "Object ID", which is the identity reference that must be associated in the Key Vault access policies
- The Database you want to access must be accessible to Azure resources or the network settings, NSG, must allow with this connectivity.
- During the Linked Server configuration process, it will be possible to associate the Key Vault to the service and, consequently, select the variable that contains the desired secret.
As you can see in this image, I configured an Azure Key Vault and I'm getting the secret dbsecret from the KeyVault. At the bottom of the image, you can see the connection was successfully.
- You can check the following references as well:
I hope it can help you.