Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Connecting to Azure Blob Storage -- Key Vault

‎06-15-2021 12:57 AM

Hello All,

I am currently connecting my Power BI Desktop app to Azure blob storage by directly keying in the account key. For a safer approach, I would like to know...


1) if I can place the account key as a secret in Key Vault. If yes, could you provide the steps to call/refer the key vault in the Power BI app 

2) if I can used a SAS (Shared Access Signature)..If yes, could you provide the steps to call/refer the SAS value in the Power BI app 

 

Thanks!


Regards

Mahesh

Labels:
Message 1 of 6
2,562 Views
0
5 REPLIES 5
BenWatt
Frequent Visitor

‎10-07-2021 07:27 AM

There is no native way to call Azure Key Vault from Power BI, so you would need to call the API, creating the conundrom that to authenticate to Key Vault API, you need to store authentication details.

 

I have a solution whereby I created a Power BI Dataflow, which returns the SAS Token. The Dataflow is in a locked-down workspace & thus only accessible by trusted users. The M-code does not have the SAS Token in clear text, but is base64 encoded. This is not secure in any way but gives a very small additional obfuscation layer.

 

Then every single Power BI report that connects to the Azure storage uses the Dataflow to retrieve the token. This means I can change the token in one place when needs be, and all Power BI reports will continue to run smoothly. Anyone can publish, then the credentials to the Power BI dataflow are updated to use a trusted account.

 

This is not a fool proof & highly secure method, so please use at your own discretion.

 

Here is an example of the M query in my SAS Token dataflow:

 

let
  EncodedToken = "ABC123-BASE64-ENCODED-TEXT-ABC123",
  DecodedToken = Lines.FromBinary(Binary.FromText(EncodedToken, BinaryEncoding.Base64), nullnull1252){0},
  ConvertToTable = Table.FromValue(DecodedToken)
in
  ConvertToTable
Message 5 of 6
2,296 Views
Anonymous
Not applicable
In response to BenWatt

‎10-15-2021 08:41 PM

Thanks Ben..

Message 6 of 6
2,244 Views
0
v-easonf-msft
Community Support
Community Support

‎06-17-2021 12:33 AM

Hi, @Anonymous 

Please check if these related documents could help:

service-encryption-byok 

key-vault/secrets/overview-storage-keys 

storage-keys-sas-tokens-code 

Best Regards,
Community Support Team _ Eason

Message 2 of 6
2,490 Views
0
Anonymous
Not applicable
In response to v-easonf-msft

‎06-17-2021 12:44 AM

Hi Eason,

Thanks for providing the links !

I have already gone through these links and other similar articles from Microsoft (and community forums), but with no success. My requirement is to see if there is an article or sample code snippet to be used in Power BI to call the account key. (I am assuming it would need to be written in the Power Query editor, as I have not been able to locate other settings).

 

Thanks.

Message 3 of 6
2,477 Views
0
Nandu2520
Helper I
Helper I
In response to Anonymous

‎12-20-2022 04:51 PM

Any suggestions on the above one?

Message 4 of 6
983 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All