Share via

Impact of Azure Key Vault API 2026-02-01 and RBAC default on mssparkutils.credentials.getSecret in Microsoft Fabric

Pawel Mofina 0 Reputation points
2026-02-06T12:50:22.3666667+00:00

Hi Microsoft Support,

We received notice about the retirement of Azure Key Vault APIs prior to 2026-02-01 and the move to Azure RBAC as the default access model.

We use Microsoft Fabric PySpark notebooks and retrieve secrets using: mssparkutils.credentials.getSecret.

Can you please confirm:

  1. Whether this API change or RBAC default will impact mssparkutils.credentials.getSecret in Fabric.
  2. Whether Fabric requires legacy access policies or fully supports Azure RBAC–only Key Vaults.
  3. Any required role assignments or migration guidance to avoid secret access failures.

Thanks for the clarification.

Best regards,
Pawel

Azure Key Vault
Azure Key Vault

An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. kagiyama yutaka 1,245 Reputation points
    2026-02-06T14:04:52.04+00:00

    I think fabric’s getSecret keeps using the kv data‑plane, so the api cutoff doesn’t touch it. rbac‑only vaults work fine… just give the workspace identity Key Vault Secrets User at the vault scope. that’s all u need to avoid failures, no legacy access policy required.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.