机密编修Secret redaction

将凭据作为 Azure Databricks 密钥存储可以在运行笔记本和作业时轻松地保护凭据。Storing credentials as Azure Databricks secrets makes it easy to protect your credentials when you run notebooks and jobs. 但是,很容易意外地在标准输出缓冲区中打印机密,或在变量赋值期间显示值。However, it is easy to accidentally print a secret to standard output buffers or display the value during variable assignment.

若要防止出现这种情况,请 Azure Databricks 使用读取的 redacts 机密值 dbutils.secrets.get()To prevent this, Azure Databricks redacts secret values that are read using dbutils.secrets.get(). 如果在笔记本单元输出中显示,机密值将替换为 [REDACTED]When displayed in notebook cell output, the secret values are replaced with [REDACTED].

警告

笔记本单元输出的机密密文仅适用于文本。Secret redaction for notebook cell output applies only to literals. 因此,机密密文功能不会阻止秘密文本的故意转换和任意转换。The secret redaction functionality therefore does not prevent deliberate and arbitrary transformations of a secret literal. 为了确保正确控制机密,你应该使用工作区对象访问控制(限制运行命令的权限),以防止未经授权访问共享笔记本上下文。To ensure the proper control of secrets, you should use Workspace object access control (limiting permission to run commands) to prevent unauthorized access to shared notebook contexts.