AKV is designed to store and manage sensitive information such as API keys, secrets, and certificates. If you're using ADF you can definitely leverage Azure Key Vault to store your API keys securely.
You can create an Azure Key Vault instance if you don’t have one where you will add to it the API key as a secret.
Then navigate to your AKV instance in the Azure Portal.In the left-hand pane, select “Secrets”.
Click on the "+ Generate/Import" button to add a new secret. The "Value" of the secret will be your API key.
Next, you need to provide Azure Data Factory Access to Azure Key Vault, navigate to the "Access policies" section.
Click on "+ Add Access Policy". And then configure the access policy like below :
- Under "Secret permissions", select "Get" (and any other permissions you deem necessary).
- Click on "Select principal" and find your Azure Data Factory's managed identity.
- Click "Add" and then "Save" to apply the policy.
Now you need to Link Azure Key Vault to Azure Data Factory like below :
- In ADF, navigate to the “Author & Monitor” tab.
- Under the “Author” section, select “Linked services”.
- Click the “+ New” button to create a new linked service.
- Choose “Azure Key Vault” as the linked service type.
- Provide the necessary information to connect to AKV (usually the AKV URL). Ensure that you're using the ADF Managed Identity for authentication.
Finally, using the Secret in ADF's Linked Service, you need to do the following :
- Create (or edit) a linked service in ADF that requires the API key.
- Instead of manually typing the API key, use the Azure Key Vault secret reference. It's generally in a format like `@linkedService('YourAKVLinkedServiceName').SecretValue`. This way, ADF will fetch the API key from AKV when needed.