2
votes

I have a custom activity that runs through an ADF pipeline, with an Azure Batch for the execution. The custom activity needs to access the Azure Key Vault, but I don't want to leave any secrets/keys coded in the custom activity.

How can I get the custom activity to use the service principal to access the Azure Key Vault? I have no problem coding access to the Azure Key Vault using the service principal credentials (appId and key), but I obviously don't want to leave a key in the code.

So the question is: How can an ADF Custom Activity, running in an Azure Batch, access the Azure Key Vault through a service principal?

Thanks!

1 Answer

1
votes

This is similar to how to access Key Vault from an Azure Batch task. There are some ways to avoid hard-coding the secrets in code. One is to use a certificate which can be deployed to the Batch VM (https://samcogan.com/secure-credential-access-with-azure-batch-and-keyvault/), or you may use a resource file (https://docs.microsoft.com/en-us/azure/batch/batch-dotnet-get-started#resourcefiles) to provide the secrets.
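
The certificate option mentioned in the answer, sketched as an added example that is not part of the original answer or of the linked post: the custom activity loads the certificate that Batch installed on the node and authenticates as the service principal with it, so no key appears in code. It assumes the certificate's public key is registered on the service principal, the pool installs the certificate into the CurrentUser/My store, and the Azure.Identity and Azure.Security.KeyVault.Secrets packages are referenced; the environment variable names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

static class KeyVaultFromBatch
{
    // Finds the certificate that Batch deployed to this node. The thumbprint
    // identifies the certificate; it is not a secret and can be passed as a setting.
    static X509Certificate2 FindCertificate(string thumbprint)
    {
        // Assumption: the pool's certificate reference targets CurrentUser/My.
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false, because such certificates are commonly self-signed.
        var matches = store.Certificates.Find(
            X509FindType.FindByThumbprint, thumbprint, false);
        if (matches.Count == 0)
            throw new InvalidOperationException(
                $"Certificate {thumbprint} is not installed on this node.");
        if (!matches[0].HasPrivateKey)
            throw new InvalidOperationException(
                "Certificate was deployed without its private key.");
        return matches[0];
    }

    // Reads a required, non-secret setting and fails fast when it is absent.
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing setting {name}.");

    static int Main()
    {
        // Hypothetical setting names; the values are identifiers, not credentials.
        var tenantId   = Require("KV_TENANT_ID");
        var clientId   = Require("KV_CLIENT_ID");       // service principal appId
        var thumbprint = Require("KV_CERT_THUMBPRINT");
        var vaultUrl   = Require("KV_VAULT_URL");
        var secretName = Require("KV_SECRET_NAME");

        var credential = new ClientCertificateCredential(
            tenantId, clientId, FindCertificate(thumbprint));
        var client = new SecretClient(new Uri(vaultUrl), credential);
        KeyVaultSecret secret = client.GetSecret(secretName);

        // Keep secret.Value in memory only; task output files are retained.
        Console.WriteLine($"Retrieved '{secret.Name}' ({secret.Value.Length} chars).");
        return 0;
    }
}
```

The service principal needs only read access to the secrets it uses, so a compromised node exposes no more than those.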