Hide/Encrypt passwords and keys in an Azure Data Factory Project

0 投票
最新提问 用户: (120 分)

I have an Azure Data Factory Visual Studio Project within a GitHub repository, and as part of the configuration I have a few linked services, for example, one for an Asure SQL Database, Azure Blob and one for an Azure Batch, all of these linked services have a connection string or account key.

{
  "$schema": "http://datafactories.schema.management.azure.com/schemas/2015-09-01/Microsoft.DataFactory.LinkedService.json",
  "name": "odsLS",
  "properties": {
    "description": "Connection to ODS database",
    "type": "AzureSqlDatabase",
    "typeProperties": {
      "connectionString": "Data Source=tcp:<data_base_server>,1433;Initial Catalog=<data_base_name>;User ID=<user_name>;Password=<password>;Integrated Security=False;Encrypt=True;Connect Timeout=30"
    }
  }
}

I don't want to save the sensitive data (passwords, keys etc) to my repository, only change it in the publish to Azure process.

How can I manage this?

2 个回答

0 投票
最新回答 用户: (140 分)

ADFSecurePublish supports store secrets in Azure Key Vault and only need to specify the reference to them in the linked services. Refer to: https://github.com/Azure/Azure-DataFactory/tree/master/Samples/ADFSecurePublish

0 投票
最新回答 用户: (140 分)

another option would be to use configuration files which you do not check-in to GitHub

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...