⟶
Sometimes it’s useful to get your key vault secret in a Data Factory pipeline (in a secure way).
There are two permission models for Azure Key Vault. Depending on the permission model of your Key Vault, execute the following steps:
Create a new pipeline called “Get Secret” and add a web activity with the following properties:
check
https://@{pipeline().parameters.keyvault_name}.vault.azure.net/secrets/@{pipeline().parameters.secret_name}/@{pipeline().parameters.secret_version}?api-version=@{pipeline().parameters.api_version}
GET
Managed Identity
https://vault.azure.net
Make sure that the parameters are added to the pipeline:
<blank>
<blank>
<blank>
(this parameter is optional)7.0
Pass the name of your Key Vault, and the name of the secret you’d like to read.
When you inspect the activity output, it merely states:
{
"SecureOutput": "**********"
}
To use the secret in your pipeline, enter the following in the dynamic content of your activity:
@{activity('Get Secret').output.value}
At the time of writing it is not possible to get the “Execute Pipeline” activity output information, except for the run id (which you can use to fetch the pipeline run information from the Azure API). Still, I like to have a full-fledged utility pipeline available that I can just copy and use whenever I need it, and run whenever I don’t understand it.