Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
g3kuser
New Contributor III

mssparkutils credentials library in notebook

โ€Ž04-08-2025 05:59 AM
Hi
 
With recent support of SPN authentication with Fabric ci-cd libraries, I am trying to deploy pipelines and notebook through SPN. I see the item owner as the SPN.  I have the following code in notebook which doesn't mention any credential. Is this using SPN credentials/User credential/Workspace Identity. 
 
secret_value = notebookutils.mssparkutils.credentials.getSecret(keyvault_url,'secret_name)
mssparkutils.credentials.getToken("https://api.fabric.microsoft.com/")
 
I have not given workspace identity access to key vault so I doubt if secret reading call goes that that auth.
 
I did notice in Monitoring when notebook executed through a pipeline has submitted user for notebook execution as SPN who is the item owner as well.
 
Can anyone help me in understanding the process?
 
Thanks,
 
Gayatri
 
Labels:
Message 1 of 4
3,164 Views
0
1 ACCEPTED SOLUTION
nilendraFabric
Honored Contributor

โ€Ž04-08-2025 10:01 AM

Hi @g3kuser 

 

When you call the mssparkutils credentials functions without specifying any explicit credentials or linked service parameters, the runtime automatically uses the identity under which the notebook is executing. In your case, because the notebook is being deployed and run through a Fabric pipeline configured with SPN authenticationโ€”and the SPN appears as the item ownerโ€”the mssparkutils calls are using the service principalโ€™s credentials.

 

 

In your current setup, since no explicit workspace identity configuration is provided (or its permissions granted for Key Vault access), the secret retrieval and token acquisition calls fall back to using the SPN credentials

View solution in original post

Message 2 of 4
3,131 Views
0
3 REPLIES 3
nilendraFabric
Honored Contributor

โ€Ž04-08-2025 10:01 AM

Hi @g3kuser 

 

When you call the mssparkutils credentials functions without specifying any explicit credentials or linked service parameters, the runtime automatically uses the identity under which the notebook is executing. In your case, because the notebook is being deployed and run through a Fabric pipeline configured with SPN authenticationโ€”and the SPN appears as the item ownerโ€”the mssparkutils calls are using the service principalโ€™s credentials.

 

 

In your current setup, since no explicit workspace identity configuration is provided (or its permissions granted for Key Vault access), the secret retrieval and token acquisition calls fall back to using the SPN credentials

Message 2 of 4
3,132 Views
0
g3kuser
New Contributor III
In response to nilendraFabric

โ€Ž04-08-2025 04:24 PM

Thank you for the explanation. As the executing user is SPN I am unable to understand how token was retrieved without the need of client secret to be supplied for the process. 

Message 3 of 4
3,113 Views
0
g3kuser
New Contributor III

โ€Ž04-08-2025 04:25 PM

Hi @nilendraFabric 

I am curious to understand how it worked without the need for client secret to be passed to the process.

Message 4 of 4
3,113 Views
0

Helpful resources

Announcements
View All
Users online (25)