Adding a keyvault feature in azure datafactory linked service

[murali1994]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I have found some configuration is missing in datafactory_linkedservice .As in terraform only connection string variable is present but in azure you can see two options one is connection string and other one is AKV so we as a team decided there should be AKV(Azure keyvault) variable embedded in the module.Because adding only connection string actually gives less value because all the users who have access to datafactory can have ability to get the connection string .So need the community help to add this feature .

New or Affected Resource(s)

azurerm_data_factory_linked_service_sql_server

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

• #0000

[pearcec]

Looks like a duplicate of #6264

[sebastianreloaded]

copying my comment here:
The Azure Rest API declares a special property typeProperties.password additionally to typeProperties.connectionString, which accepts AzureKeyVaultSecretReference. It would be a great improvement for security using this setup.

See https://docs.microsoft.com/en-us/rest/api/datafactory/linkedservices/createorupdate#sqlserverlinkedservice

[lfraile]

Hello, is there any advance on this issue?

Thank you

[allantargino]

Hey, I'm adding this feature on the new synapse linked service (#9928). Once this is approved and merged, I can work on SQL Server linked service as well and add suport for key vault. The interface would look like this

resource "azurerm_data_factory_linked_service_sql_server" "test" {
  name                = "linksynapse"
  resource_group_name = azurerm_resource_group.test.name
  data_factory_name   = azurerm_data_factory.test.name
  connection_string = "Integrated Security=False;Data Source=test;Initial Catalog=test;User ID=test;"
  key_vault_password {
    linked_service_name  = azurerm_data_factory_linked_service_key_vault.test.name
    secret_name = "secret"
  }

[lfraile]

Seems great, I would be happy to help, but as today, my knowledge of Go is: 0

But if you need me to test any previous version, just let me know @allantargino

[ghost]

This has been released in version 2.43.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.43.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!