How to update the secret in keyvault from Synapse notebook

Sasidhar R. Kolli 20 Reputation points
2023-09-28T15:36:04.6333333+00:00

Hi,

I'M generating a token in the synapse notebook. I want to update my secret stored in keyvault every time I run my Synapse notebook how can I achieve it could you please provide me the Python code so that I can change the secret value every time I run the code in Synapse Notebook?

thanks

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,288 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,919 questions
{count} votes

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 89,471 Reputation points Microsoft Employee
    2023-10-03T07:56:57.5833333+00:00

    @Sasidhar R. Kolli - Thanks for the question and using MS Q&A platform.

    Here are the steps to update the secret in keyvault from Synapse notebook:

    Before: Here is the sample keyvault named chepra with key named chepra and the secretValue named Mar2023

    User's image

    Step1: Create a Azure Key Vault linked service which you want to use as shown below:

    User's image

    Step2: You can use mssparkutils help for tokens and secrets.

    This function displays the help documentation for secrets and tokens management in Synapse.

    mssparkutils.credentials.help()

    User's image

    Step3: From mssparkutils help for tokens and secrets use putSecret(akvName: String, secretName: String, secretValue: String): puts AKV secret for a given akvName, secretName

    User's image

    After: Here is the sample keyvault named chepra with key named chepra and the secretValue named Oct2023

    User's image

    For more details, refer to Secure credentials with linked services using the mssparkutils.

    Summary: Above steps helped to update the secret in keyvault from Synapse notebook.

    Hope this helps. Do let us know if you any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Amira Bedhiafi 24,556 Reputation points
    2023-10-03T11:52:19.39+00:00

    You can use the Azure SDKs for Python, you can use this command to install it :

    Check the link here : https://pypi.org/project/azure-keyvault-secrets/

    !pip install azure-identity azure-keyvault-secrets
    

    After installing the libraries, you can use the following code to update the secret in the Key Vault:

    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    def update_secret_in_keyvault(vault_url, secret_name, secret_value):
        # Use the default credential (e.g., Managed Identity, Environment Variables, etc.)
        credential = DefaultAzureCredential()
        # Create a secret client using the provided vault URL and credential.
        secret_client = SecretClient(vault_url=vault_url, credential=credential)
        # Set the secret
        secret_client.set_secret(secret_name, secret_value)
    # Replace these values with your actual values
    vault_url = "https://YOUR-KEY-VAULT-NAME.vault.azure.net/"
    secret_name = "YOUR-SECRET-NAME"
    secret_value = "YOUR-NEW-SECRET-VALUE"  # This could be your generated token
    # Call the function to update the secret
    update_secret_in_keyvault(vault_url, secret_name, secret_value)
    

    Every time you run the provided code in your Synapse notebook, the specified secret will be updated in the Azure Key Vault.


    Update :

    If you're having issues with DefaultAzureCredential and ManagedIdentityCredential, and are considering using ClientSecretCredential (which uses tenant_id, client_id, and client_secret), you'll first need to create an App Registration in Azure AD and assign the necessary permissions to it.

    Also check this link : https://learn.microsoft.com/en-us/rest/api/keyvault/secrets/update-secret/update-secret?tabs=HTTP

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.