Credentials for source authentication in Azure Purview
This article describes how you can create credentials in Azure Purview. These saved credentials let you quickly reuse and apply saved authentication information to your data source scans.
Prerequisites
- An Azure key vault. To learn how to create one, see Quickstart: Create a key vault using the Azure portal.
Introduction
A credential is authentication information that Azure Purview can use to authenticate to your registered data sources. A credential object can be created for various types of authentication scenarios, such as Basic Authentication requiring a username and password. Credentials capture the specific information required to authenticate, based on the chosen authentication method. Credentials use your existing Azure Key Vault secrets to retrieve sensitive authentication information during the Credential creation process.
Use Purview managed identity to set up scans
If you are using the Purview managed identity to set up scans, you will not have to explicitly create a credential and link your key vault to Purview to store it. For detailed instructions on giving the Purview managed identity access to scan your data sources, refer to the data source-specific authentication sections below:
- Azure Blob Storage
- Azure Data Lake Storage Gen1
- Azure Data Lake Storage Gen2
- Azure SQL Database
- Azure SQL Database Managed Instance
- Azure Synapse Analytics
Create Azure Key Vault connections in your Azure Purview account
Before you can create a Credential, first associate one or more of your existing Azure Key Vault instances with your Azure Purview account.
From the Azure portal, select your Azure Purview account. Navigate to the Management Center and then navigate to Credentials.
From the Credentials page, select Manage Key Vault connections.
Select + New from the Manage Key Vault connections page.
Provide the required information, then select Create.
Confirm that your Key Vault has been successfully associated with your Azure Purview account.
Grant the Purview managed identity access to your Azure Key Vault
Navigate to your Azure Key Vault.
Select the Access policies page.
Select Add Access Policy.
In the Secrets permissions dropdown, select Get and List permissions.
For Select principal, choose the Purview managed identity. You can search for the Purview MSI using either the Purview instance name or the managed identity application ID. We do not currently support compound identities (managed identity name + application ID).
Select Add.
Select Save to save the Access policy.
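To check the result of the steps above, the following added example (not part of the original article and not Microsoft's code) audits a vault's access policies, in the JSON shape returned by `az keyvault show`, and reports whether a principal holds exactly the Get and List secret permissions. The vault name and object IDs are constructed placeholders, and `audit_purview_policy` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of `az keyvault show` output.
# The vault name and object IDs are placeholders, not real values.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-kv",
  "properties": {
    "accessPolicies": [
      {"objectId": "11111111-1111-1111-1111-111111111111",
       "permissions": {"secrets": ["Get", "List"], "keys": [], "certificates": []}},
      {"objectId": "22222222-2222-2222-2222-222222222222",
       "permissions": {"secrets": ["get", "list", "set", "delete"], "keys": ["get"]}}
    ]
  }
}
""")

REQUIRED = {"get", "list"}  # the secret permissions granted in the steps above


def audit_purview_policy(vault, principal_object_id):
    """Hypothetical helper: list findings for one principal's access policy."""
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        return ["vault uses Azure RBAC: access policies are not evaluated"]
    policies = [p for p in props.get("accessPolicies") or []
                if p.get("objectId", "").lower() == principal_object_id.lower()]
    if not policies:
        return ["no access policy for this principal"]
    findings = []
    for policy in policies:
        perms = policy.get("permissions") or {}
        secrets = {s.lower() for s in perms.get("secrets") or []}
        if REQUIRED - secrets:
            findings.append(f"missing secret permissions: {sorted(REQUIRED - secrets)}")
        if secrets - REQUIRED:
            findings.append(f"secret permissions beyond Get/List: {sorted(secrets - REQUIRED)}")
        for kind in ("keys", "certificates", "storage"):
            granted = sorted(g.lower() for g in perms.get(kind) or [])
            if granted:
                findings.append(f"unneeded {kind} permissions: {granted}")
    return findings


if __name__ == "__main__":
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222"):
        print(oid, audit_purview_policy(SAMPLE_VAULT, oid) or "OK")
```

An empty list means the policy matches what the steps above grant; any finding is a deviation to review before running scans.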
Create a new credential
These credential types are supported in Purview:
- Basic authentication: You add the password as a secret in key vault.
- Service Principal: You add the service principal key as a secret in key vault.
- SQL authentication: You add the password as a secret in key vault.
- Account Key: You add the account key as a secret in key vault.
For more information, see Add a secret to Key Vault.
After storing your secrets in the key vault:
In Azure Purview, go to the Credentials page.
Create your new Credential by selecting + New.
Provide the required information. Select the Authentication method and a Key Vault connection from which to select a secret.
Once all the details have been filled in, select Create.
Verify that your new credential shows up in the list view and is ready to use.
Manage your key vault connections
Search/find Key Vault connections by name.
Delete one or more Key Vault connections.
Manage your credentials
Search/find Credentials by name.
Select and make updates to an existing Credential.
Delete one or more Credentials.