Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
annaselway
Frequent Visitor

Encrypt Client Credentials for API data connector

Hi, 

 

I was wondering if there is a way to encrypt values in Power BI? Store them as secrets? For example in databricks you have secret scopes, which holds the values for something as variable you can use within your code? 

 

I have a data connector that i've defined in the advanced editor of Power Query - that requires the use of client crednetials to call the API to retrieve a Bearer Token. I currently have to physically write the secret value in the script, which does not appear secure/encrypt or align with security practice, how should i manage this? I want to be able to encrypt what i have in replace of [clientsecret] in my file. 

 

    token_url = "https://[url]",
    url = "https://[url]",
    
    body="grant_type=client_credentials&client_id=[clientid]&client_secret=[clientsecret]",
    Source1  = Json.Document(Web.Contents(token_url,
   [ 
     Headers = [#"Content-Type"="application/x-www-form-urlencoded"],
     Content=Text.ToBinary(body)
   ]
   )
   ),
    token = Source1[access_token], 
    bodytext = Custom1,
    body2=bodytext,
    Source2 = Json.Document(Web.Contents(url, [
        Headers = [#"Authorization"="Bearer "&token, 
        #"Content-Type"="application/json"],
        Content = Text.ToBinary(body2)
    ])),

 

 

3 REPLIES 3
v-shex-msft
Community Support
Community Support

Hi @annaselway,

If you only mean the simple binary and text conversation with a particular encode (e.g. base64) or some calculations and replacement with specific rules, they are possible. You can integrate these types of query power functions into your connector to handle these inputted values.

If you mean the additional verifications with custom authorization or specified credentials(virtual or physical) from a local device or invoke from external web resources, I don't think they are simply to be achieved.
Even if you succeed processed on the desktop side, they may also be blocked when you test on the power bi service side. (it contains a few security to limit these operations)

Power BI Security#data-storage-security 
Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

Hi Xiaoxin, 

 

I'm more concerned with keeping the client_secret value, a secret. So whether theres a way to store that within the pbix file in a way that someone else cannot access or see it? 

Hi @annaselway,

AFAIK, current power bi report not keeping any credentials int to pbix file.

They are stored on the power i desktop client instead of attach into pbix file, every time you publish a pbix file, you still need to fix its data credentials on service side.

In my opinion, I'd like to suggest you create/use rest api to transfer the secret values. You can add a query table to invoke and get the credentials string from that api and use in your connector. It should better than directly typing these credentials/secret string in your connector.
Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.