Secret redaction

Storing credentials as Azure Databricks secrets makes it easy to protect your credentials when you run notebooks and jobs. However, it is easy to accidentally print a secret to standard output buffers or display the value during variable assignment.

To prevent this, Azure Databricks redacts secret values that are read using dbutils.secrets.get(). When displayed in notebook cell output, the secret values are replaced with [REDACTED].

Warning

Secret redaction for notebook cell output applies only to literals. The secret redaction functionality therefore does not prevent deliberate and arbitrary transformations of a secret literal. To ensure the proper control of secrets, you should use Workspace object access control (limiting permission to run commands) to prevent unauthorized access to shared notebook contexts.