Adding Key Vault Secret to Power Automate using Managed Identities.

Malvaro 85 Reputation points
2024-04-19T08:13:02.62+00:00

Good morning MS Team,

I am creating an application where different Power Automate Scripts are managing the Entra ID users and app registrations using a specific App registration with high-level permissions. Right now, I have the App Registration Id and Secret as Power Automate variables in my scripts.

By leveraging Azure, I've been thinking of using the Azure Key Vault and Managed identity to get the App Registration Attributes (Id, Secret) in my Scripts using no global variables. However, when I am trying to configure the Key Vault provider in my Power Automate Scripts, I can see only 2 options: App registration (to access the KV) or User/Password:

Question: Would it be possible to access these KV secrets using a managed identity as depicted in the image?

Thank you in advance,

Cheers,

Moisés.

Accepted answer
  1. Deepanshu katara 4,905 Reputation points
    2024-04-19T10:04:36.1633333+00:00

    Hi, Welcome to MS Q&A

    Using Managed Identity with Azure Key Vault is a recommended practice for securely accessing secrets without exposing them directly in your code or using global variables. However, Power Automate might not directly support Managed Identity for accessing Key Vault secrets out of the box.

    They only support Service principal or app registration.

    To achieve this, you might need to implement a workaround:

    1. Azure Function or Logic App: You can create an Azure Function or Logic App that retrieves secrets from Azure Key Vault using Managed Identity. Then, your Power Automate scripts can call this Azure Function or Logic App to get the required secrets.
    2. Azure Automation: Azure Automation might also be an option for running your scripts securely with Managed Identity and accessing Key Vault secrets.

    Kindly check this for more info https://learn.microsoft.com/en-us/connectors/keyvault/

    Please accept answer if it helps, Thanks!
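The first workaround in the accepted answer (a Function that reads the secret with its managed identity), as an added example that is not part of the original posts or Microsoft's own code. It uses the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` variables that App Service and Azure Functions expose to a managed identity, plus the Key Vault REST API; the function names, the allowlisted secret names and the vault name format check are assumptions made for illustration.

```python
import json
import os
import re
import urllib.parse
import urllib.request

API_VERSION_MSI = "2019-08-01"  # App Service / Functions managed identity endpoint
API_VERSION_KV = "7.4"          # Key Vault REST API
# Assumption: the only secret names this function will ever hand to a flow.
ALLOWED_SECRETS = {"app-reg-client-id", "app-reg-client-secret"}


def http_get_json(url, headers):
    """Default transport: HTTP GET returning the parsed JSON body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def get_msi_token(env=os.environ, get=http_get_json):
    """Ask the platform for a Key Vault token; no credential lives in code."""
    query = urllib.parse.urlencode(
        {"resource": "https://vault.azure.net", "api-version": API_VERSION_MSI})
    body = get(f"{env['IDENTITY_ENDPOINT']}?{query}",
               {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]})
    return body["access_token"]


def get_secret(vault_name, secret_name, env=os.environ, get=http_get_json):
    """Return one allowlisted secret value from the named vault."""
    # Refuse anything off the allowlist so the function cannot be used
    # to read every secret the identity happens to have access to.
    if secret_name not in ALLOWED_SECRETS:
        raise PermissionError(f"secret {secret_name!r} is not allowlisted")
    # Keep caller input from altering the host part of the URL.
    if not re.fullmatch(r"[A-Za-z0-9-]{3,24}", vault_name):
        raise ValueError("invalid vault name")
    token = get_msi_token(env, get)
    url = (f"https://{vault_name}.vault.azure.net/secrets/"
           f"{urllib.parse.quote(secret_name, safe='')}"
           f"?api-version={API_VERSION_KV}")
    return get(url, {"Authorization": f"Bearer {token}"})["value"]
```

The Function's identity needs only read access to secrets on that vault, and the HTTP trigger the flow calls should itself require authentication, since it now returns the secret to whoever can reach it.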


1 additional answer

  1. Malvaro 85 Reputation points
    2024-04-25T06:30:05.28+00:00

    Hi Team,

    I would like to show a different solution to cover this point: https://learn.microsoft.com/en-us/power-apps/maker/data-platform/environmentvariables-azure-key-vault-secrets

    Please note that the Dataverse app registration was created by D365, therefore, we must search it.

    The only caveat is that the user to whom the flow was assigned must have the same rights as the Dataverse App registration; however, we can skip this step by directly assigning an App registration (new one), giving it permissions to the KeyVault and executing the Flow.

    I hope this may help,

    Cheers,

    Moisés.
