Creating a Secret Scope in Databricks
To create a secret scope in Databricks, you can use either the Databricks CLI or the Secrets API. Here’s how to do it using the CLI:
1. Open your terminal or command prompt.
2. Use the following command to create a Databricks-backed secret scope:
databricks secrets create-scope <scope-name>
By default, the scope is created with MANAGE permission for the user who created it. If your account does not have the Premium plan, you must explicitly grant the MANAGE permission to all users when creating the scope:
databricks secrets create-scope <scope-name> --initial-manage-principal users
3. Once the scope is created, you can verify it by listing all scopes:
databricks secrets list-scopes
Frequently Asked Questions
- Q: What are the requirements for a secret scope name?
A: Secret scope names must be unique within a workspace, consist of alphanumeric characters, dashes, underscores, @, and periods, and cannot exceed 128 characters. They are case insensitive.
- Q: How do I delete a secret scope?
A: You can delete a secret scope using the CLI command:
databricks secrets delete-scope <scope-name>
This will delete all secrets and ACLs associated with the scope.
- Q: Can I change permissions after creating a scope?
A: Yes, if your account has the Premium plan, you can change permissions at any time after creating the scope.
- Q: What is the difference between Databricks-backed and Azure Key Vault-backed secret scopes?
A: Databricks-backed secret scopes store secrets within Databricks itself, while Azure Key Vault-backed secret scopes store secrets in Azure Key Vault, providing additional security features.
- Q: How do I add secrets to a scope?
A: Once a scope is created, you can add secrets using the CLI command:
databricks secrets put --scope <scope-name> --key <key-name>
- Q: Can all users see secret scope names?
A: Yes, secret scope names are considered non-sensitive and are readable by all users in the workspace.
- Q: Can I use the Secrets API for managing secret scopes?
A: Yes, you can use the Secrets API to create, list, and delete secret scopes, as well as manage secrets within those scopes.
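The naming rules from the FAQ above can be checked before running create-scope. The script below is an added example, not from the original page or from Databricks; its function names and the sample scope list are constructed for illustration, and "alphanumeric" is assumed to mean ASCII letters and digits.

```shell
#!/bin/sh
# Added example: pre-flight check of a secret scope name against the FAQ rules.
# Assumption: "alphanumeric" means ASCII letters and digits.
LC_ALL=C; export LC_ALL

# Succeeds if the name is 1..128 characters from the allowed set.
valid_scope_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 128 ] || return 1
    case $name in
        *[!A-Za-z0-9_@.-]*) return 1 ;;
    esac
    return 0
}

# Succeeds if the name matches, ignoring case, any scope name read from stdin.
scope_name_taken() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r existing; do
        have=$(printf '%s' "$existing" | tr '[:upper:]' '[:lower:]')
        [ "$have" = "$want" ] && return 0
    done
    return 1
}

# Prints one verdict (invalid, taken or ok); existing scope names come on stdin.
check_scope_name() {
    if ! valid_scope_name "$1"; then
        echo invalid
    elif scope_name_taken "$1"; then
        echo taken
    else
        echo ok
    fi
}

# Constructed sample of scope names already present in a workspace.
EXISTING_SCOPES='jdbc-creds
Team.Analytics
ml_tokens@prod'

# Constructed candidates: a free name, a case-only collision, a bad character.
for candidate in 'etl-secrets' 'JDBC-Creds' 'bad name!'; do
    verdict=$(printf '%s\n' "$EXISTING_SCOPES" | check_scope_name "$candidate")
    printf '%-12s %s\n' "$candidate" "$verdict"
done
```

In practice the existing names would be taken from the output of databricks secrets list-scopes, whose format is not shown on this page.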
Bottom Line: Creating a secret scope in Databricks is essential for securely managing sensitive information like passwords and keys. By following these steps and understanding the FAQs, you can effectively use secret scopes to enhance security in your Databricks environment.