
Initialize Data Privacy Encryption in Microsoft Fabric

Learn how to securely enable encryption and decryption for data privacy in Microsoft Fabric.


Prerequisites

Before you start, ensure you have a strong symmetric encryption key and access to Azure Key Vault.


Generate and Store an Encryption Key

A symmetric encryption key is required for Presidio to encrypt and decrypt sensitive data.

Key Requirements

Presidio requires a cryptographically strong, random symmetric key:

  • The key must be a string with a length of 128, 192, or 256 bits (16, 24, or 32 bytes).
  • You can generate this key at randomkeygen.com.
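
An added example (not from the original page or from Presidio's own code): generating the key locally from the operating system's CSPRNG and checking it against the size requirement above. It assumes the key size is measured on the UTF-8 encoding of the string; the function names are illustrative.

```python
import math
import secrets
import string

# Accepted key sizes in bytes (128, 192 and 256 bits).
VALID_KEY_BYTES = (16, 24, 32)
# ASCII-only alphabet: each character encodes to exactly one UTF-8 byte.
ALPHABET = string.ascii_letters + string.digits


def generate_key(n_bytes: int = 32) -> str:
    """Return a random ASCII key of n_bytes characters drawn from the OS CSPRNG."""
    if n_bytes not in VALID_KEY_BYTES:
        raise ValueError(f"key size must be one of {VALID_KEY_BYTES} bytes")
    return "".join(secrets.choice(ALPHABET) for _ in range(n_bytes))


def key_size_bits(key: str) -> int:
    """Key size in bits, measured on the UTF-8 encoding (assumption, see lead-in)."""
    return len(key.encode("utf-8")) * 8


def is_valid_key(key: str) -> bool:
    """True if the encoded key is exactly 128, 192 or 256 bits long."""
    return key_size_bits(key) // 8 in VALID_KEY_BYTES


def entropy_bits(n_chars: int) -> float:
    """Upper bound on entropy when every character is drawn uniformly."""
    return n_chars * math.log2(len(ALPHABET))


if __name__ == "__main__":
    key = generate_key(32)
    # Never print or log the key itself; report only its properties.
    print("valid:", is_valid_key(key), "bits:", key_size_bits(key))
    print("entropy ~", round(entropy_bits(32)), "bits")
    # Constructed failure case: 16 characters, but "é" encodes to 2 bytes.
    print("non-ASCII 16-char key valid:", is_valid_key("é" + "a" * 15))
```

Character count and byte count diverge as soon as the key contains non-ASCII characters, which is why the check runs on the encoded bytes rather than on `len(key)`.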

Store the Encryption Key in Azure Key Vault

Use Azure Key Vault to securely store your encryption key. The default Key Vault provided by the NCC can be used, or a new Key Vault can be created to store the encryption key.

Important:

  • Always store your encryption key in a secure location like Azure Key Vault.
  • Never share your key or commit it to source control.


Enable Encryption in Fabric

Follow these steps to enable encryption and decryption in your Fabric environment.

Import Required Public Libraries

  1. In your Fabric workspace, go to NCC_ENV > Public libraries.
  2. Add the following dependencies. You can copy and paste the YAML below or enter them manually:
dependencies:
  - pip:
      - pydantic==2.9.0
      - faker==37.1.0
      - presidio-analyzer==2.2.358
      - presidio-anonymizer==2.2.358
      - numpy==1.26.4

Save and Deploy the Environment

After adding the libraries, save and publish the environment. Deployment may take a few minutes.

Set the Environment as Default

To set this environment as the default:

  • Go to Workspace settings
  • Select Data Engineering/Science
  • Navigate to Spark settings > Environment
  • Select Set default environment
  • Choose your newly created environment
  • Click Save

Add the data_privacy_key_vault Variable

The variable data_privacy_key_vault must be defined in the Tenant variable tab and set to the name of the Key Vault that contains the encryption key.


Your Fabric environment is now configured for secure data operations, with encryption and decryption features enabled for data privacy workflows.