Support for Managed Identity/Keyvault in Azure Data Factory Linked Service

[TLaborde]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The resources to set up linked services in Azure Data Factory don't allow for all available authentication scheme. In particular it doesn't allow for Keyvault Secret use (which put secret away from the user) and Managed Identity (which remove even the need for secret).

Can someone have a look? It may required to add an Identity block. It might not be a breaking change.

New or Affected Resource(s)

azurerm_data_factory_linked_service_data_lake_storage_gen2 (need account key and MI)
[other new resources in azurerm_data_factory_linked_service_* can be impacted]

References

https://docs.microsoft.com/en-us/azure/data-factory/connector-azure-data-lake-storage#linked-service-properties
--->

• #0000

[murali1994]

Hello guys,
I have found some configuration is missing in datafactory_linkedservice .As in terraform only connection string variable is present but in azure you can see two options one is connection string and other one is AKV so we as a team decided there should be AKV(Azure keyvault) variable embedded in the module.Because adding only connection string actually gives less value because all the users who have access to datafactory can have ability to get the connection string .So need the community help to add this feature .

Thanks ,
Murali.

[sebastianreloaded]

The Azure Rest API declares a special property typeProperties.password additionally to typeProperties.connectionString, which accepts AzureKeyVaultSecretReference. It would be a great improvement for security using this setup.

See https://docs.microsoft.com/en-us/rest/api/datafactory/linkedservices/createorupdate#sqlserverlinkedservice

[tombuildsstuff]

hey @TLaborde

Thanks for opening this issue

Rather than having a combined issue here - since there's a couple of issues tracking these two issues separately I'm going to close this issue in favour of this issue focusing on the Key Vault integration and this issue focusing on MSI support - would you mind subscribing to those issues for updates?

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!