Home
Managed identity is a great way to authenticate Data Factory when it connects to resources, because you don't have to store a connection string or key in code. Azure Data Factory supports managed identity (MI) authentication, and you don't have to create an identity separately. The managed identity can authenticate directly with a SQL Server database.
With SQL authentication, we can store the password in Key Vault, with the user name specified in the linked service. We can create a secret in Azure Key Vault and authorize Azure Active Directory (with the managed identity) to access the key vault.
To access Azure Key Vault:
Create an Azure Key Vault linked service. Note your Data Factory's managed identity and assign it permissions on the key vault using the Access Policies blade --> Add access policies (provide Get and List permissions; in Select principal, select the Data Factory MI). Add your secret to the key vault (KV).
A service principal is a great way to have one single principal/set of credentials for accessing various resources in Azure. If we have not created one, we can create a new service principal in Azure AD: Azure Active Directory --> App registrations --> New registration (it can be single or multitenant). Once the app registration is done, generate a secret from the Certificates & Secrets blade. The secret (password) can now be stored in Azure Key Vault. Use step 1.1 to grant permission to the app/service principal on the Azure SQL database and 1.2 to retrieve the secret key.
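A check for the Key Vault pattern described above, covering both the SQL authentication password and the service principal secret. This is an added example, not code from this wiki. It audits exported linked-service JSON for secrets kept outside Key Vault; the sample definitions are constructed, and every linked-service, server, user and secret name in them is a placeholder.

```python
import re

# Connection-string keys that carry a credential inline.
_INLINE_SECRET = re.compile(r"(?i)(?:^|;)\s*(password|pwd)\s*=\s*[^;]+")

def audit_linked_service(ls):
    """Return findings for one linked-service definition (a dict)."""
    name = ls.get("name", "<unnamed>")
    findings = []
    for field, value in ls.get("properties", {}).get("typeProperties", {}).items():
        if isinstance(value, str) and _INLINE_SECRET.search(value):
            findings.append(f"{name}.{field}: password embedded in the string")
        elif isinstance(value, dict) and value.get("type") == "SecureString":
            findings.append(f"{name}.{field}: secret held in the factory, not Key Vault")
        elif isinstance(value, dict) and value.get("type") == "AzureKeyVaultSecret":
            if not (value.get("store", {}).get("referenceName") and value.get("secretName")):
                findings.append(f"{name}.{field}: incomplete Key Vault reference")
    return findings

def kv_secret(secret_name):
    """Build a Key Vault secret reference (linked-service name is a placeholder)."""
    return {"type": "AzureKeyVaultSecret",
            "store": {"referenceName": "ExampleKeyVaultLS", "type": "LinkedServiceReference"},
            "secretName": secret_name}

def sql_ls(name, type_properties):
    """Wrap typeProperties in an Azure SQL linked-service definition."""
    return {"name": name,
            "properties": {"type": "AzureSqlDatabase", "typeProperties": type_properties}}

# Constructed samples; none of these values come from the page.
SERVER = "Server=tcp:example.database.windows.net,1433;Database=exampledb;"
SP_ID = "00000000-0000-0000-0000-000000000000"

WEAK = sql_ls("SqlInlinePassword", {
    "connectionString": SERVER + "User ID=adfuser;Password=constructed-value;"})
WEAK_SP = sql_ls("SqlSpSecureString", {
    "connectionString": SERVER, "servicePrincipalId": SP_ID,
    "servicePrincipalKey": {"type": "SecureString", "value": "constructed-value"}})
HARDENED = sql_ls("SqlKeyVaultPassword", {
    "connectionString": SERVER + "User ID=adfuser;", "password": kv_secret("sql-password")})
HARDENED_SP = sql_ls("SqlSpKeyVault", {
    "connectionString": SERVER, "servicePrincipalId": SP_ID,
    "servicePrincipalKey": kv_secret("sp-secret")})

if __name__ == "__main__":
    for ls in (WEAK, WEAK_SP, HARDENED, HARDENED_SP):
        print(ls["name"], audit_linked_service(ls) or "ok")
```

The hardened definitions only resolve at runtime if the Data Factory managed identity holds the Get permission on the vault, as granted in the access policy step above.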