Use Azure Key Vault secrets in pipeline activities
You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.
This feature relies on the data factory managed identity. Learn how it works from Managed identity for Data Factory and make sure your data factory has one associated.
Open the properties of your data factory and copy the Managed Identity Application ID value.
Open the key vault access policies and add the managed identity permissions to Get and List secrets.
Click Add, then click Save.
Navigate to your Key Vault secret and copy the Secret Identifier.
Make a note of your secret URI that you want to get during your data factory pipeline run.
In your Data Factory pipeline, add a new Web activity and configure it as follows.
Property Value Secure Output True URL [Your secret URI value]?api-version=7.0 Method GET Authentication MSI Resource https://vault.azure.net
You must add ?api-version=7.0 to the end of your secret URI.
Set the Secure Output option to true to prevent the secret value from being logged in plain text. Any further activities that consume this value should have their Secure Input option set to true.
To use the value in another activity, use the following code expression @activity('Web1').output.value.
To learn how to use Azure Key Vault to store credentials for data stores and computes, see Store credentials in Azure Key Vault