Data factory - Azure Key Vault (Preview) Activity - bug?

Oliver Mills 40

The Azure Key Vault Activity in data factory (in preview) does not do anything - settings tab just says

azure-key-vault-activity-settings works!

Is this expected?

User's image

0 comments

Answer accepted by question author

Pilladi Padma Sai Manisha 9,945 Microsoft External Staff Moderator

Hi @Oliver Mills
Thanks for the additional context. I can see why hardcoding Key Vault URLs throughout pipelines becomes difficult to manage across environments.

Rather than relying on a preview activity, a more common approach is to parameterize the Key Vault base URL (or vault name) and supply environment-specific values during deployment. In Azure Data Factory CI/CD scenarios, this can be done using ARM template parameters, global parameters, or deployment pipeline variables so that the same pipeline code can target different Key Vaults in Dev, Test, and Production without requiring manual updates.

If you're currently using Web activities to retrieve secrets, can you share how the Key Vault URL is defined today (hardcoded in the activity, pipeline parameter, global parameter, etc.)? That will help determine the most maintainable approach for your deployment process.

For reference: https://learn.microsoft.com/azure/data-factory/continuous-integration-delivery https://learn.microsoft.com/azure/data-factory/author-global-parameters

0 comments

Answer accepted by question author

Amira Bedhiafi 42,846 MVP Volunteer Moderator

Hello Oliver !

Thank you for posting on MS Learn Q&A.

This looks like a preview bug not a usable activity configuration screen.

I think it looks like a developer placeholder that accidentally shipped in the ADF authoring UI. I would not rely on this Azure Key Vault Activity for production until Microsoft documents it or the Settings tab exposes real properties.

For now, you can store credentials in Key Vault and referencing them from linked services.

https://learn.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault

Or you can use a Web Activity to read a secret during a pipeline run where you call the Key Vault secret URI using a Web activity with Managed Identity authentication : GET <secret-uri>?api-version=7.5, authentication = managed identity, resource = https://vault.azure.net and enable Secure Output.

The factory managed identity needs Key Vault secret permissions such as Get and usually List, either through access policies or IAM role assignment such as Key Vault Secrets User.

Oliver Mills 40 Reputation points

2026-06-04T16:57:30.03+00:00

Yes we use linked services for connecting to datasources, and for API calls, we use the GET method. The problem this introduces is we now have hardcoded keyvault URLs all throughout our ETL and this is a pain to update for CI/CD (switching dev keyvault url to production keyvault url) - I was hoping the linked service activity may solve this
Pilladi Padma Sai Manisha 9,945 Reputation points Microsoft External Staff Moderator

2026-06-10T05:07:38.7333333+00:00

Hi Oliver,
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 additional answer

Senthil kumar 680 Reputation points

2026-06-10T05:16:42.9766667+00:00

Hi @Oliver Mills

Thanks to raise your thoughts.

This is not a bug. may be some functionality required keys to process methods. to store sql connection string values, passwords, database credentials. SAS tokens. azure key vault used for that.

Thanks.
Was this answer helpful?

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Data factory - Azure Key Vault (Preview) Activity - bug?

1 additional answer

Your answer