Where to store secret token retrieved during runtime?

Pratim Das, Partha C 306 Reputation points
2024-03-12T05:19:55.7833333+00:00

Hi Team,

I'm trying to visualize and best way to implement a very common enterprise use case.

I'm using ADF, Key Vault, Azure SQL data base as inventories.

Requirement is to fetch some data from an exposed API. Before calling the API I need to generate one access token by calling a different API from the same vendor. This token has TTL 3 months. So I prefer to store it in my inventories.

Now I'm confused where to store the runtime secret?

In KV if we try to store, I need to give ADF Service Principle, set access to KV which may not be a good solution. Even after saving I need to store the secret version for retrieving the value again.

Within ADF I can't store as after ADF execution completes this secret will be destroyed.

Can we store it in Azure SQL by allowing masing? Can SQL protect the secure token properly?

Please share your views.

Regards,

Partha

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,342 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    2 deleted comments

    Comments have been turned off. Learn more

  2. Akshay-MSFT 17,891 Reputation points Microsoft Employee
    2024-03-28T11:10:43.23+00:00

    @Pratim Das, Partha C

    Answering to your query: If I set key vault secret value in runtime, the version will change. How can I know going forward which version to use?

    As per :https://zcusa.951200.xyz/en-us/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities

    The secret-version is optional; the latest version is returned when not specified. It is often desirable to specify a secret URI in a pipeline without a specific version so that the pipeline always uses the latest version of the secret.

    User's image

    Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.