Share via

Synapse Link to CosmosDB

Paweł Witecki 0 Reputation points
2024-02-06T10:07:31.4533333+00:00

I have a linked service to CosmosDB in Synapse, created using Azure Synapse Link in CosmosDB. Unfortunatelly this link is storing account key directly in Synapse. I need to move that key to Key Vault. I've tried to use normal primary and secondary keys from CosmosDB but they are not working due to firewall settings (access to CosmosDB is restricted and Synapse has disabled vnets). Apparently the key in linked services created directly by Azure Synapse Link is something different and is able to bypass firewall rules. Is there any place where I can find this key to move it to KV?

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,697 questions
Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,543 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. QuantumCache 20,261 Reputation points
    2024-02-06T23:24:31.1266667+00:00

    Hello @Paweł Witecki

    Thanks for reaching out on this forum!

    The account key in linked services created by Azure Synapse Link is something different and is able to bypass firewall rules. This integration is designed to abstract away the complexity of direct key management, focusing on ease of use and security!!!

    Did you try adjusting the firewall rules to allow access from Synapse to CosmosDB?

    FAQ

    Architecture diagram for Azure Synapse Analytics integration with Azure Cosmos DB

    0 comments
  2. Paweł Witecki 0 Reputation points
    2024-02-07T07:07:42.9633333+00:00

    FIrewall rules isn't something that can be changed in this case. Is there any way to extract that key to vault instead keeping it directly in synapse?