Access Secret from vault using Synapse pyspark notebook

Shivank.Agarwal 61 Reputation points
2021-06-21T18:29:09.747+00:00

How to access secret keys from vault using azure synpase pyspark notebook?

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,395 questions
Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 77,676 Reputation points Microsoft Employee
    2021-06-23T09:36:47.38+00:00

    Hello @Shivank.Agarwal ,

    Steps to access synapse DB from spark notebook and added the db username and password in secret vault:

    Step1: Create synapse username and password in Key vault secrets:

    Note: I had created synapse username as synapseusername and synapse password as synapsepassword and my Azure Key vault name is chepra.

    108507-image.png

    Step2: Using TokenLibrary function you can access the secrets from keyvault in your notebook.

    Method1: Direct call to the TokenLibrary which contains synapseusername and synapsepassword from Azure Key vault.

    Note: For example: TokenLibrary.getSecret("AzureKeyvaultName", "SecretName") 

    %%pyspark  
jdbcDF = spark.read.format("jdbc") \  
    .option("url", f"jdbc:sqlserver://cheprasynapse.sql.azuresynapse.net:1433;database=chepra") \  
    .option("dbtable","drivers") \  
    .option("user", TokenLibrary.getSecret('chepra', 'synapseusername')) \  
    .option("password",TokenLibrary.getSecret('chepra', 'synapsepassword')) \  
    .option("driver","com.microsoft.sqlserver.jdbc.SQLServerDriver") \  
    .load()  
jdbcDF.show()

    108515-image.png

    Method2: Declaring the synapseusername and synapse password in a variables.

    Declaring variables: 

    synapseusername = TokenLibrary.getSecret('chepra', 'synapseusername')  
synapsepassword = TokenLibrary.getSecret('chepra', 'synapsepassword')

    Calling the variables in the connection string: 

    %%pyspark  
jdbcDF = spark.read.format("jdbc") \  
    .option("url", f"jdbc:sqlserver://cheprasynapse.sql.azuresynapse.net:1433;database=chepra") \  
    .option("dbtable","drivers") \  
    .option("user", synapseusername) \  
    .option("password",synapsepassword) \  
    .option("driver","com.microsoft.sqlserver.jdbc.SQLServerDriver") \  
    .load()  
jdbcDF.show()

    108583-image.png

    Hope this helps. Do let us know if you any further queries.

    ---------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    3 people found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PRADEEPCHEEKATLA-MSFT 77,676 Reputation points Microsoft Employee
    2021-06-22T06:15:06.51+00:00

    Hello @Shivank.Agarwal ,

    Thanks for the question and using MS Q&A platform.

    You can use the MSSparkUtils Credentials Utilities to get the access tokens of linked services and manage secrets in Azure Key Vault.

    Connect to ADLS Gen2 storage using a SAS token stored in Azure Key Vault secret. 

    %%pyspark  
spark.conf.set("fs.azure.account.auth.type", "SAS")  
spark.conf.set("fs.azure.sas.token.provider.type", "com.microsoft.azure.synapse.tokenlibrary.AkvBasedSASProvider")  
spark.conf.set("spark.storage.synapse.akv", "<AZURE KEY VAULT NAME>")  
spark.conf.set("spark.storage.akv.secret", "<SECRET KEY>")  
  
df = spark.read.csv('abfss://<CONTAINER>@<ACCOUNT>.dfs.core.windows.net/<FILE PATH>')  
  
display(df.limit(10))

    For more details, refer to Secure credentials with linked services using the TokenLibrary.

    Hope this helps. Do let us know if you any further queries.

    ---------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
  2. Anisha Rayapati 11 Reputation points
    2021-08-26T16:22:41.64+00:00

    @PRADEEPCHEEKATLA-MSFT I am getting a 401 error while using the below code

    Error: NoAuthenticationInformation, "Server failed to authenticate the request. Please refer to the information in the www-authenticate header.

    %%pyspark
    spark.conf.set("fs.azure.account.auth.type", "SAS")
    spark.conf.set("fs.azure.sas.token.provider.type", "com.microsoft.azure.synapse.tokenlibrary.AkvBasedSASProvider")
    spark.conf.set("spark.storage.synapse.akv", "<AZURE KEY VAULT NAME>")
    spark.conf.set("spark.storage.akv.secret", "<SECRET KEY>")

    df = spark.read.csv('abfss://<CONTAINER>@<ACCOUNT>.dfs.core.windows.net/<FILE PATH>')

    display(df.limit(10))

  3. Kunal Yadav 5 Reputation points
    2023-02-23T03:39:58.41+00:00 
    
synapseusername=token_library.getSecret(key_name, secret
synapsepassword=token_library.getSecret(key_name, secretpassword, linked_service)


.option("user", synapseusername) \  
.option("password",synapsepassword) \
    0 comments