Azure Data Factory V2 + Key Vault

I am trying to leverage Azure Key Vault to secure the password for the service account that moves data from an on-prem SQL Server to Azure Data Lake via Azure Data Factory.

I first created the Linked Service and hard-coded the credentials. It works.

However, I want to store the service account secret (i.e. password) within Key Vault, and according to the following post, I added the Azure Key Vault Linked Service and referenced credentials stored in Key Vault.

Under Advanced within the Linked Service (see image #1), I added the following JSON:

{
    "name": "LinkedService",
    "properties": {
        "type": "SqlServer",
        "typeProperties": {
            "username": "<domain>\\<account name>",
            "password": {
                "type": "AzureKeyVaultSecret",
                "secretName": "<service account name>",
                "store":{
                    "referenceName": "https://<name>.vault.azure.net/",
                    "type": "LinkedServiceReference"
                }
            }
        },
        "connectVia": {
            "referenceName": "IRMYService",
            "type": "IntegrationRuntimeReference"
        }
    }
} 

However, when I look at the final JSON within the Linked Service, it doesn't appear correct (refer to the final image below). Why are username and credentials showing up?


You have probably missed the part below from that same link:

Currently, Dynamics connector, Salesforce connector and a few newly enabled connectors support this feature. Expect more coming later. You can check each connector topic for details. For the secret fields which support this feature, you will see a note in the description saying "You can choose to mark this field as a SecureString to store it securely in ADF, or store password in Azure Key Vault and let the copy activity pull from there when performing data copy - learn more from Store credentials in Key Vault."

As of now, Azure Data Lake Store doesn't support Key Vault integration. You can always choose managed service identity (MSI) authentication, which would not expose your service principal information.

The same applies to SQL Server as well: you have to choose Secure String for the connectionString and password.

This is now supported out of the box. The link you provided has also been updated to reflect this:

Currently, all activity types except custom activity support this feature. For connector configuration specifically, check the "linked service properties" section in each connector topic for details.


For more, check the docs for Data Lake Storage Gen1 and the docs for Data Lake Storage Gen2.
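As an added example (not part of the question or either answer), the following check audits a linked service definition for the three storage options discussed above: plaintext, SecureString and AzureKeyVaultSecret. The sample definition, the SECRET_KEYS subset and the rule that store.referenceName should be the name of the Azure Key Vault linked service rather than the vault URL (taken from ADF's documented schema, not from this page) are assumptions.

```python
import json

# Constructed sample modelled on the question's linked service; all names and
# values here are hypothetical.
SAMPLE = json.loads(r"""
{"name": "LinkedService",
 "properties": {"type": "SqlServer", "typeProperties": {
   "connectionString": "Server=sql01;Database=db;User ID=svc;Password=example;",
   "username": "CONTOSO\\svc_adf",
   "password": {"type": "AzureKeyVaultSecret", "secretName": "svc-adf",
                "store": {"referenceName": "https://example.vault.azure.net/",
                          "type": "LinkedServiceReference"}}}}}
""")

# Secret-bearing typeProperties to inspect (assumed subset, not exhaustive).
SECRET_KEYS = {"password", "connectionstring", "serviceprincipalkey"}


def audit_linked_service(definition):
    """Return (path, finding) pairs for secret fields that need attention."""
    findings = []
    props = definition.get("properties", {}).get("typeProperties", {})
    for key, value in props.items():
        if key.lower() not in SECRET_KEYS:
            continue
        path = "typeProperties." + key
        if isinstance(value, str):
            lowered = value.lower()
            # A connection string without an embedded password carries no secret.
            if key.lower() == "connectionstring" and not (
                    "password=" in lowered or "pwd=" in lowered):
                continue
            findings.append((path, "plaintext secret in definition"))
        elif not isinstance(value, dict):
            findings.append((path, "unrecognised secret format"))
        elif value.get("type") == "SecureString":
            continue  # stored encrypted by ADF
        elif value.get("type") == "AzureKeyVaultSecret":
            store = value.get("store") or {}
            ref = store.get("referenceName", "")
            if not value.get("secretName"):
                findings.append((path, "Key Vault reference has no secretName"))
            if store.get("type") != "LinkedServiceReference" or not ref:
                findings.append((path, "store is not a linked service reference"))
            elif "://" in ref:
                findings.append((path, "store.referenceName is a URL, not a linked service name"))
        else:
            findings.append((path, "unrecognised secret type"))
    return findings
```

Run it over exported linked service JSON before publishing or committing a factory, so that hard-coded credentials are caught before they reach source control.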
