Data Factory using Key vault for linked Services Information

Debbie Edwards 521 Reputation points
2021-02-01T12:31:35.397+00:00

I'm using the following information:

https://learn.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault

I go through it and get the Managed Identity Object ID from Data Factory.

In Key Vault I do an Access Policy with GET, and I used the Management Option ID to set Select Principal and Authorised Application.

I then create a secret: the key to my Azure Data Lake Gen 2 Storage Account.

Then in Data Factory I go to Linked Services and add the Key Vault as a linked service.

I then go to the Data Lake Gen 2 linked service and change it to use Key Vault. However, it's failing:

Caller was not found on any access policy in this key vault, secretName: AzureDataLakeStorageGen2LSaccountKey, secretVersion: , vaultBaseUrl: https://dev-uks-Project-kv.vault.azure.net/. The error message is: The user, group or application 'name=Microsoft.DataFactory/factories;appid= ID NO' does not have secrets get permission on key vault 'dev-uks-Project-kv;location=uksouth'

So clearly the part where I set up the Access Policy in Key Vault isn't working, but I don't know why, because I'm sure I did what it said in the documentation.

Any help would be great because I'm very blocked with this at the moment.

Azure Data Factory

2 answers

  1. Debbie Edwards 521 Reputation points
    2021-02-03T13:35:40.823+00:00

    This is now resolved. I used the name of the Data Factory as the service principal and it then worked, so this is now sorted.

    1 person found this answer helpful.

  2. Raphael Ramos Da Silva 1 Reputation point
    2021-10-15T19:50:38.72+00:00

    I faced the same issue and solved it by granting my ADF instance access to my key vault secrets.

    However, the secret I'm storing is an authentication header value:

    Basic <base64 hash>

    Although the connection was verified, my pipeline is now failing to execute and I'm sure it's related to the key vault secret.

    I'm assuming that the retrieved value for this secret is a JSON object with more properties other than the value one.

    Any workarounds on this? Many thanks!

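A check for the "Caller was not found on any access policy" error from the question, as an added example that is not part of the original thread: it reads the access policies from `az keyvault show` JSON and reports whether a given managed identity object ID can get secrets when it calls the vault directly. The sample vault, all IDs and the function name `check_secret_get` are constructed for illustration, and it assumes the vault uses access policies rather than Azure RBAC.

```python
import json

# Constructed sample shaped like `az keyvault show` output; every ID is a placeholder.
SAMPLE_VAULT = json.loads("""
{"name": "example-kv", "properties": {"accessPolicies": [
  {"objectId": "11111111-1111-1111-1111-111111111111", "applicationId": null,
   "permissions": {"secrets": ["List"], "keys": [], "certificates": []}},
  {"objectId": "22222222-2222-2222-2222-222222222222",
   "applicationId": "33333333-3333-3333-3333-333333333333",
   "permissions": {"secrets": ["Get"], "keys": [], "certificates": []}},
  {"objectId": "44444444-4444-4444-4444-444444444444", "applicationId": null,
   "permissions": {"secrets": ["Get", "List"], "keys": [], "certificates": []}}
]}}
""")


def check_secret_get(vault, object_id):
    """Return (ok, reason): can object_id read secrets when calling the vault itself?"""
    policies = vault.get("properties", {}).get("accessPolicies") or []
    matches = [p for p in policies
               if (p.get("objectId") or "").lower() == object_id.lower()]
    if not matches:
        return False, "no access policy for this object ID"
    compound_only = False
    for policy in matches:
        # Portal and CLI differ in casing ("Get" vs "get"), so compare lowercased.
        secrets = (policy.get("permissions") or {}).get("secrets") or []
        perms = {s.lower() for s in secrets}
        if "get" not in perms and "all" not in perms:
            continue
        if policy.get("applicationId"):
            # A policy with an authorized application is a compound identity: it
            # covers only on-behalf-of calls made through that application.
            compound_only = True
            continue
        return True, "secrets get granted"
    if compound_only:
        return False, "get granted only with an authorized application set"
    return False, "policy exists but lacks secrets get"


if __name__ == "__main__":
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222",
                "44444444-4444-4444-4444-444444444444",
                "99999999-9999-9999-9999-999999999999"):
        print(oid, check_secret_get(SAMPLE_VAULT, oid))
```

To run it against a real vault, pass it the parsed JSON from `az keyvault show --name <vault-name>` together with the Data Factory's managed identity object ID.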