CODEWITHSUNDEEP
azure-keyvaultazure-data-factorysecurestring
Naresh Podishetty
Naresh Podishetty

Reputation: 797

Secure ADF v2 Pipeline Parameter String for WebActivity

I have ADF v2 Pipeline with a WebActivity which has a REST Post Call to get Jwt Access token from AD token api (https://login.microsoftonline.com/myorg.onmicrosoft.com/oauth2/token)

I have to pass username and password in the body. Right now, i'm using pipeline parameters to pass these with the request and is working fine. 

username=@{pipeline().parameters.username}
&password=@{pipeline().parameters.password}

But, the parameters tab has plain text which i have to secure.

enter image description here

now, what options do i have to secure the parameter values i'm using in this pipeline instead of plain text.

i have explored this article https://learn.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault#reference-secret-stored-in-key-vault But, this is to store secrets for data stores. In my web activity i do not have any dataset. it is just a web activity with rest call.

Any help or pointers would be appreciated. Thanks

Upvotes: 9

Views: 1758

Answers (2)

Jess
Jess

Reputation: 3715

Solution 1

In short, use the unimportant passwords in the current ADF, and configure important passwords in production ADF.

  1. store your password and others in ADF, and save them into your git repository. This ADF is for the test.
  2. publish
  3. go to Azure DevOps, and release an ADF from the published template with the password.

Solution 2

Use Web Activity to get key-vault and send output to other activities.

Upvotes: 0

user4332145
user4332145

Reputation: 11

I have implemented little differently,here is my implementation.

  1. Store your credential in storage account of your choice.
  2. use lookup activity in data factory.
  3. use lookup activity output for your rest api call.

I hope this will help. in your case you can use something like this

create a file generateToken.json { "resource":"xxxxxxxxxxxxxxxx", "client_id":"xxxxxxxxxxxxxxx" "grant_type":"xxxxxxxxxxxxxxxx" "username":"xxxxxxxxxxxxxxxxxxx" "password":"xxxxxxxxxxxxxxxxxxxx" }

if you are concern about security of password, decode your password before you add to the generateToken.json and decode at data factory before you make rest api call to generate token using data factory decodeBase64 function.

Viral

Upvotes: 1

Related Questions