"Cannot acquire MSI token for a Vault audience" from Azure synapse integrate pipeline

Question

Hello,

I'm trying to execute an Azure Synapse Notebook using Notebook Activity in Synapse Pipelines and it keeps coming up with errors while debuging the Pipelines, the Notebook is using mssparkutils.credentials.getSecret() and it looks like accessing key vault is the problem.

The notebook runs fine when executed, but when added as pipeline activity the error comes up.

The key vault access policies are set to give both me and the synapse app get and list on secrets

****Operation on target TaxonomySync failed: Py4JJavaError: An error occurred while calling z:mssparkutils.credentials.getSecret.
: java.lang.Exception: Access token couldn't be obtained {"result":"DependencyError","errorId":"BadRequest","errorMessage":"LSRServiceException is [{\"StatusCode\":400,\"ErrorResponse\":{\"code\":\"LSRResolveFailure\",\"message\":\"Cannot acquire MSI token for a Vault audience.****

Answer 1

Hello @Shubham Mehta ,

Thanks for the question and using MS Q&A platform.

This is a known issue with product. Our product team currently working on the solution. I will update this thread once it’s available.

Meanwhile workaround is to create a linked service against the Azure key vault.
Use get secret with linked service using the below documentation:
https://learn.microsoft.com/en-us/azure/synapse-analytics/spark/apache-spark-secure-credentials-with-tokenlibrary?pivots=programming-language-csharp#getsecret

Hope this will help. Please let us know if any further queries.

------------------------------

• Please don't forget to click on or upvote button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
• Want a reminder to come back and check responses? Here is how to subscribe to a notification
• If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators