Sometimes accessing data requires that you authenticate to external data sources through JDBC. Instead of directly entering your credentials into a notebook, use Azure Databricks secrets to store your credentials and reference them in notebooks and jobs. To manage secrets, you can use the Databricks CLI to access the Secrets API.
Administrators, secret creators, and users granted permission can read Azure Databricks secrets. While Azure Databricks makes an effort to redact secret values that might be displayed in notebooks, it is not possible to prevent such users from reading secrets. For more information, see Secret redaction.
To set up secrets you:
- Create a secret scope. Secret scope names are case insensitive.
- Add secrets to the scope. Secret names are case insensitive.
- If you have the Azure Databricks Premium Plan, assign access control to the secret scope.
This guide shows you how to perform these setup tasks and manage secrets. For more information, see:
- An end-to-end example of how to use secrets in your workflows.
- Reference for the Secrets CLI.
- Reference for the Secrets API.
- How to use Secrets utility (dbutils.secrets) to reference secrets in notebooks and jobs.
In this guide:
- Secret scopes
- Create an Azure Key Vault-backed secret scope
- Create a Databricks-backed secret scope
- List secret scopes
- Delete a secret scope
- Secret redaction
- Secret workflow example