
need to fetch secrets from key vault in my local

KVNARK
Honored Contributor II

Could you please look into this if I'm missing something. Getting the below error:

azure.core.exceptions.ServiceRequestError: Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.

Using below function for that.

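from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

def get_auth_creds(KVUri, keyVaultName, username, password):
    print(" loading credentials for local system ")
    # connection_verify=False disables TLS certificate verification for the credential's requests
    credential = DefaultAzureCredential(connection_verify=False, exclude_shared_token_cache_credential=True)
    # KVUri is the vault URL handed to the client
    client = SecretClient(vault_url=KVUri, credential=credential)
    print("Retrieving your secret from {}.".format(keyVaultName))
    # username and password are the names of the secrets to read
    user = client.get_secret(username).value
    pwd = client.get_secret(password).value
    return user, pwd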

Accepted Solutions

jenykooe
New Contributor III

It looks like you are having an issue with bearer token authentication when accessing your secrets in Azure Key Vault.

The error message indicates that the bearer token authentication method is prohibited for non-TLS-protected URLs, meaning your Key Vault URL may not use HTTPS.

To fix this issue, you will need to make sure that the URL for your Key Vault starts with "https://" instead of "http://".

This will enable TLS encryption and allow you to use bearer token authentication.

Additionally, it's important to note that using the "exclude_shared_token_cache_credential=True" parameter in your DefaultAzureCredential object may cause issues with your authentication.

This parameter excludes any previously cached credentials but may not be necessary in all cases. I would recommend removing this parameter to see if it resolves your issue.

Here's an updated version of your code that includes these changes:

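from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

def get_auth_creds(KVUri, keyVaultName, username, password):
    print(" loading credentials for local system ")
    # connection_verify=False disables TLS certificate verification for the credential's requests
    credential = DefaultAzureCredential(connection_verify=False)
    # KVUri must be the https:// URL of the vault
    client = SecretClient(vault_url=KVUri, credential=credential)
    print("Retrieving your secret from {}.".format(keyVaultName))
    user = client.get_secret(username).value
    pwd = client.get_secret(password).value
    return user, pwd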

I hope this helps! Let me know if you have any other questions.
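
A pre-flight check for the vault URL, as an added example that is not part of the original thread: it rejects anything other than an https:// Key Vault host before any credential is created, and leaves TLS certificate verification at its default. The `.vault.azure.net` suffix list, the name `validated_vault_url` and the `myvault` sample vault are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: public-cloud Key Vault DNS suffix; sovereign clouds use others.
ALLOWED_SUFFIXES = (".vault.azure.net",)


def validated_vault_url(kv_uri, allowed_suffixes=ALLOWED_SUFFIXES):
    """Return the vault URL normalized to https://<host>, or raise ValueError."""
    parts = urlsplit(kv_uri.strip())
    if parts.scheme != "https":
        # Catches "http://..." and a bare host name with no scheme at all.
        raise ValueError(f"vault URL must start with https://: {kv_uri!r}")
    if parts.username or parts.password:
        raise ValueError("vault URL must not embed credentials")
    host = parts.hostname or ""
    if not any(host.endswith(s) and len(host) > len(s) for s in allowed_suffixes):
        raise ValueError(f"unexpected Key Vault host: {host!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("vault URL must be just https://<host>")
    return f"https://{host}"


def get_auth_creds(kv_uri, username, password):
    """Fetch two secrets; username/password are secret *names* in the vault."""
    # Imported lazily so the URL check above works without the Azure SDK installed.
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient

    vault_url = validated_vault_url(kv_uri)
    # connection_verify=False is omitted on purpose: certificate verification stays on.
    credential = DefaultAzureCredential()
    client = SecretClient(vault_url=vault_url, credential=credential)
    return client.get_secret(username).value, client.get_secret(password).value


if __name__ == "__main__":
    # Constructed sample inputs; "myvault" is a placeholder vault name.
    samples = (
        "https://myvault.vault.azure.net/",
        "http://myvault.vault.azure.net",
        "myvault.vault.azure.net",
    )
    for candidate in samples:
        try:
            print(candidate, "->", validated_vault_url(candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```
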


3 REPLIES

Anonymous
Not applicable

Hope everything is going great.

Just wanted to check in if you were able to resolve your issue. If yes, would you be happy to mark an answer as best so that other members can find the solution more quickly? If not, please tell us so we can help you. 

Cheers!

KVNARK
Honored Contributor II

@Vidula Khanna It's done. Thanks!
