Support pulling connection strings and credentials from an Azure Key Vault
We're using Azure Key Vault to manage all of our secrets and credentials for consumption by client applications. It would be nice if we could add Key Vaults as a source of connection strings or other variables in our JSON, and it would be populated by the Data Factory service at deploy/runtime.
Thanks for your feedback. This is now supported: https://docs.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault
Ben Hatton commented
This can be done today if you use ARM template to deploy DF. See
and observe that KeyVault is explicitly mentioned at the bottom.
Too bad about the current disparity between DF specific and general ARM developer experience in Visual Studio. I would hope that DF tooling in VS will move to a more ARM explicit approach in the future. In this interim world, you could put just the linked services into an ARM template with KeyVault references for their connections, but then use the VS tooling for integrated deployment of the remainder of the DF assets.
Alex Marshall commented
This would be extremely useful in an enterprise scenario where our developers don't always have access to secrets and we don't want to store them in source control where we keep our data source and linked service definitions. Please implement this !