
need to fetch secrets from key vault in my local

KVNARK
Honored Contributor II

Could you please look into this if I'm missing something. Getting the below error:

azure.core.exceptions.ServiceRequestError: Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.

Using below function for that.

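```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient


def get_auth_creds(KVUri, keyVaultName, username, password):
    print(" loading credentials for local system ")
    # connection_verify=False disables TLS certificate verification for the credential's requests.
    credential = DefaultAzureCredential(connection_verify=False, exclude_shared_token_cache_credential=True)
    # KVUri is the vault URL; username and password are the names of the secrets to read.
    client = SecretClient(vault_url=KVUri, credential=credential)
    print("Retrieving your secret from {}.".format(keyVaultName))
    user = client.get_secret(username).value
    pwd = client.get_secret(password).value
    return user, pwd
```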

Accepted Solutions

jenykooe
New Contributor III

It looks like you are having an issue with bearer token authentication when accessing your secrets in Azure Key Vault.

The error message indicates that the bearer token authentication method is prohibited for non-TLS-protected URLs, meaning your Key Vault URL may not use HTTPS.

To fix this issue, you will need to make sure that the URL for your Key Vault starts with "https://" instead of "http://".

This will enable TLS encryption and allow you to use bearer token authentication.

Additionally, it's important to note that using the "exclude_shared_token_cache_credential=True" parameter in your DefaultAzureCredential object may cause issues with your authentication.

This parameter excludes any previously cached credentials but may not be necessary in all cases. I would recommend removing this parameter to see if it resolves your issue.

Here's an updated version of your code that includes these changes:

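```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient


def get_auth_creds(KVUri, keyVaultName, username, password):
    print(" loading credentials for local system ")
    # connection_verify=False disables TLS certificate verification for the credential's requests.
    credential = DefaultAzureCredential(connection_verify=False)
    # KVUri must be the vault's https:// URL.
    client = SecretClient(vault_url=KVUri, credential=credential)
    print("Retrieving your secret from {}.".format(keyVaultName))
    user = client.get_secret(username).value
    pwd = client.get_secret(password).value
    return user, pwd
```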

I hope this helps! Let me know if you have any other questions.
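The check described in the accepted answer can be made before the value ever reaches `SecretClient`, so a wrong `KVUri` fails with a clear message. This is an added example, not part of the original thread and not Azure SDK code; the function name `checked_vault_url` and the list of DNS suffixes are assumptions to adapt to your cloud.

```python
import re
from urllib.parse import urlsplit

# Assumption: Key Vault DNS suffixes of the clouds in use; trim to your own.
ALLOWED_SUFFIXES = (".vault.azure.net", ".vault.azure.cn", ".vault.usgovcloudapi.net")
# Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
VAULT_NAME = re.compile(r"^[A-Za-z](?!.*--)[A-Za-z0-9-]{1,22}[A-Za-z0-9]$")


def checked_vault_url(value: str) -> str:
    """Return a canonical https vault URL, or raise ValueError saying why not."""
    value = value.strip()
    if "://" not in value:
        # A bare vault name: build the public-cloud URL from it.
        if not VAULT_NAME.match(value):
            raise ValueError(f"not a valid vault name or URL: {value!r}")
        return f"https://{value.lower()}.vault.azure.net"
    parts = urlsplit(value)
    if parts.scheme.lower() != "https":
        # http:// is rejected rather than rewritten, so the bad setting gets fixed.
        raise ValueError(f"vault URL must use https, got scheme {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("vault URL must not embed credentials")
    if parts.port not in (None, 443):
        raise ValueError(f"unexpected port {parts.port} in vault URL")
    host = (parts.hostname or "").lower()
    suffix = next((s for s in ALLOWED_SUFFIXES if host.endswith(s)), None)
    if suffix is None:
        raise ValueError(f"host {host!r} is not under a Key Vault DNS suffix")
    if not VAULT_NAME.match(host[: -len(suffix)]):
        raise ValueError(f"host {host!r} does not start with a valid vault name")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("vault URL must not carry a path, query or fragment")
    return f"https://{host}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    samples = ["my-vault", "https://My-Vault.vault.azure.net/",
               "http://my-vault.vault.azure.net",
               "https://my-vault.vault.azure.net.example.org"]
    for sample in samples:
        try:
            print(f"{sample!r} -> {checked_vault_url(sample)}")
        except ValueError as err:
            print(f"{sample!r} rejected: {err}")
```

Pass the returned string as `vault_url` when constructing `SecretClient`.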

Anonymous
Not applicable

Hope everything is going great.

Just wanted to check in if you were able to resolve your issue. If yes, would you be happy to mark an answer as best so that other members can find the solution more quickly? If not, please tell us so we can help you. 

Cheers!

KVNARK
Honored Contributor II

@Vidula Khanna It's done. Thanks!
