Not getting the secret name parameter of ADLS Gen2 Linked Service in DevOps Repo

Sree Kavya Komatineni 6 Reputation points
2022-04-20T17:20:16.093+00:00

Hi Team,

The linked service for ADLS Gen2 is as follows:
194777-image.png

Git is enabled for the Data Factory. After publishing the code to the DevOps repo, we can see the 'secretName' property in the JSON file of the linked service, but we are not getting this parameter in the ArmTemplate. This is causing us a problem when we try to override the secret value in upper environments.

JSON file of Linked Service from DevOps Repo:
194740-image.png

ARM Template from DevOps Repo:
194767-image.png

Could someone please help me get this issue resolved?

Azure Data Factory

1 answer

  1. AnnuKumari-MSFT 23,506 Reputation points Microsoft Employee
    2022-04-22T11:06:05.907+00:00

    Hi @Sree Kavya Komatineni,

    Welcome to Microsoft Q&A platform and thank you for posting your query.

    As I understand your issue here, you are not able to view the secret name of Azure Key Vault in the ARM template JSON. Please let me know if my understanding is wrong.

    It is the expected scenario. Key Vault secret names will not be visible in the ARM template.

    As per the Best practices for CI/CD, while using Key Vault in the CI/CD process, it is recommended to keep the same secret names across all stages. If you keep the same secret names, you don't need to parameterize each connection string across CI/CD environments because the only thing that changes is the key vault name.

    When you use linked services whose connection information is stored in Azure Key Vault, it is recommended to keep separate key vaults for different environments. You can also configure separate permission levels for each key vault. For example, you might not want your team members to have permissions to production secrets. If you follow this approach, we recommend that you keep the same secret names across all stages. If you keep the same secret names, you don't need to parameterize each connection string across CI/CD environments because the only thing that changes is the key vault name, which is a separate parameter.

    Please let us know if the suggested response helped. Thanks!
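A pre-deployment check for the "same secret names across all stages" practice described in the answer, as an added example that is not part of the original thread: it collects every Key Vault secret reference from linked-service JSON and reports environments whose vault lacks that name. The linked-service name, vault name, secret names and the per-environment inventory are constructed for illustration.

```python
# Constructed sample: ADLS Gen2 linked service whose account key is a Key Vault reference.
LINKED_SERVICE = {
    "name": "AzureDataLakeStorage1",
    "properties": {
        "type": "AzureBlobFS",
        "typeProperties": {
            "url": "https://exampledev.dfs.core.windows.net",
            "accountKey": {
                "type": "AzureKeyVaultSecret",
                "store": {"referenceName": "AzureKeyVault1", "type": "LinkedServiceReference"},
                "secretName": "adls-account-key",
            },
        },
    },
}

# Constructed inventory (assumption): secret names present in each environment's vault,
# exported beforehand by someone allowed to list secrets in that vault.
VAULT_SECRETS = {
    "dev": {"adls-account-key", "sql-password"},
    "test": {"adls-account-key"},
    "prod": {"adls-key"},  # renamed in prod, so the deployed reference would not resolve
}

def key_vault_refs(node, path=""):
    """Yield (json_path, store_name, secret_name) for each AzureKeyVaultSecret reference."""
    if isinstance(node, dict):
        if node.get("type") == "AzureKeyVaultSecret":
            yield path, node["store"]["referenceName"], node["secretName"]
        for key, value in node.items():
            yield from key_vault_refs(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from key_vault_refs(value, f"{path}[{i}]")

def missing_secrets(linked_services, vault_secrets):
    """Map environment -> sorted (linked service, secretName) pairs absent from its vault."""
    report = {}
    for env, names in vault_secrets.items():
        gaps = sorted(
            (ls["name"], secret)
            for ls in linked_services
            for _, _, secret in key_vault_refs(ls["properties"])
            # Expression-valued secretName objects cannot be checked statically; skip them.
            if isinstance(secret, str) and secret not in names
        )
        if gaps:
            report[env] = gaps
    return report

if __name__ == "__main__":
    print(missing_secrets([LINKED_SERVICE], VAULT_SECRETS))
```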