"Cannot acquire MSI token for a Vault audience" from Azure synapse integrate pipeline

Shubham Mehta 51 Reputation points Microsoft Employee
2021-12-07T19:14:35.867+00:00

Hello,

I'm trying to execute an Azure Synapse Notebook using Notebook Activity in Synapse Pipelines and it keeps coming up with errors while debuging the Pipelines, the Notebook is using mssparkutils.credentials.getSecret() and it looks like accessing key vault is the problem.

The notebook runs fine when executed, but when added as pipeline activity the error comes up.

The key vault access policies are set to give both me and the synapse app get and list on secrets

****Operation on target TaxonomySync failed: Py4JJavaError: An error occurred while calling z:mssparkutils.credentials.getSecret.
: java.lang.Exception: Access token couldn't be obtained {"result":"DependencyError","errorId":"BadRequest","errorMessage":"LSRServiceException is [{\"StatusCode\":400,\"ErrorResponse\":{\"code\":\"LSRResolveFailure\",\"message\":\"Cannot acquire MSI token for a Vault audience.****
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,113 questions
{count} vote

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 73,651 Reputation points Microsoft Employee
    2021-12-08T07:18:10.027+00:00

    Hello @Shubham Mehta ,

    Thanks for the question and using MS Q&A platform.

    This is a known issue with product. Our product team currently working on the solution. I will update this thread once it’s available.

    Meanwhile workaround is to create a linked service against the Azure key vault.
    Use get secret with linked service using the below documentation:
    https://learn.microsoft.com/en-us/azure/synapse-analytics/spark/apache-spark-secure-credentials-with-tokenlibrary?pivots=programming-language-csharp#getsecret

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators

0 additional answers

Sort by: Most helpful