0 Votes
DebbieEdwards-1726 asked RaphaelRamosDaSilva-0931 edited

Data Factory using Key vault for linked Services Information

I'm using the following information:

https://docs.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault

I go through it and get the Managed Identity Object ID from Data Factory.

In Key Vault I do an Access Policy with GET, and I used the Management Option ID to set Select Principal and Authorised Application.

I then create a secret: the key to my Azure Data Lake Gen 2 Storage Account.

Then in Data Factory I go to Linked Services and add the Key Vault as a linked service.

I then go to the Data Lake Gen 2 Linked Service and change it to use Key Vault. However, it's failing:

Caller was not found on any access policy in this key vault, secretName: AzureDataLakeStorageGen2LSaccountKey, secretVersion: , vaultBaseUrl: https://dev-uks-Project-kv.vault.azure.net/. The error message is: The user, group or application 'name=Microsoft.DataFactory/factories;appid= ID NO' does not have secrets get permission on key vault 'dev-uks-Project-kv;location=uksouth'

So clearly the part where I set up the Access Policy in Key Vault isn't working, but I don't know why, because I'm sure I did what it said in the documentation.

Any help would be great because I'm very blocked with this at the moment.


azure-data-factory

@DebbieEdwards-1726 Thanks for using Microsoft Q&A !!

By looking at the error, it is an access policies issue only. Can you please revalidate, by going to Access Policies of Azure Key Vault, whether your Azure Data Factory is listed under policies with GET permissions, and let me know? (See screenshot)

62651-image.png


1 Vote 1 ·

@DebbieEdwards-1726 Please let me know if you are still facing the same issue?

0 Votes 0 ·
1 Vote
DebbieEdwards-9837 answered SaurabhSharma-msft commented

This is now resolved. I used the name of the Data Factory as the service principal and it then worked, so this is now sorted.


@DebbieEdwards-9837 Good to hear and thanks for sharing it over here for any future users.

0 Votes 0 ·
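
The error in this thread depends on whether the factory's managed identity object ID appears in the vault's access policies with the secrets Get permission. The following Python check is an added example, not code from any poster in the thread: it reads the access-policy shape returned by `az keyvault show` and reports why a caller would or would not be allowed to read a secret. The sample vault, the GUIDs, the function name and the status strings are all constructed for illustration.

```python
# Constructed sample in the shape of `az keyvault show` output (trimmed).
# Every GUID below is a made-up placeholder, not a value from the thread.
SAMPLE_VAULT = {
    "name": "example-kv",
    "properties": {
        "accessPolicies": [
            {"objectId": "aaaaaaaa-0000-0000-0000-000000000001", "applicationId": None,
             "permissions": {"secrets": ["get"]}},
            {"objectId": "22222222-0000-0000-0000-000000000002", "applicationId": None,
             "permissions": {"secrets": ["list"]}},
            # Entry created with an "authorized application" filled in as well.
            {"objectId": "33333333-0000-0000-0000-000000000003",
             "applicationId": "cccccccc-0000-0000-0000-00000000000c",
             "permissions": {"secrets": ["get"]}},
            {"objectId": "44444444-0000-0000-0000-000000000004", "applicationId": None,
             "permissions": {"secrets": ["get", "list", "set", "delete"]}},
        ]
    },
}


def diagnose_secret_get(vault: dict, principal_id: str) -> str:
    """Classify a principal's ability to read secrets under vault access policies."""
    policies = vault.get("properties", {}).get("accessPolicies") or []
    wanted = principal_id.strip().lower()
    matches = [p for p in policies if (p.get("objectId") or "").lower() == wanted]
    if not matches:
        return "no-policy"  # the "Caller was not found on any access policy" case
    # A policy that also names an application applies to the principal acting
    # on behalf of that application, not to the managed identity calling directly.
    direct = [p for p in matches if not p.get("applicationId")]
    if not direct:
        return "application-scoped-only"
    perms = {s.lower() for p in direct
             for s in (p.get("permissions", {}).get("secrets") or [])}
    if not perms & {"get", "all"}:
        return "missing-get"
    extra = sorted(perms - {"get"})
    # Least privilege: reading a linked-service secret only needs Get.
    return "ok" if not extra else "ok-but-broad:" + ",".join(extra)


if __name__ == "__main__":
    for entry in SAMPLE_VAULT["properties"]["accessPolicies"]:
        print(entry["objectId"], diagnose_secret_get(SAMPLE_VAULT, entry["objectId"]))
```
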
0 Votes
RaphaelRamosDaSilva-0931 answered RaphaelRamosDaSilva-0931 edited

I faced the same issue and solved it by granting my ADF instance access to my key vault secrets.

However, the secret I'm storing is an authentication header value:

Basic <base64 hash>

Although the connection was verified, my pipeline is now failing to execute and I'm sure it's related to the key vault secret.

I'm assuming that the retrieved value for this secret is a JSON object with more properties other than the value one.

Any workarounds on this? Many thanks!


140939-image.png


