search

Secrets Using Azure Key Vault

Azure Key Vault secrets facilitate the secure management of confidential credentials for authentication, ensuring they remain undisclosed within the notebook. This method preserves credential security while enabling monitoring of their usage and access across diverse services. In addition to managing secrets, Key Vault also supports key management and certificate management.

hashtag
Azure Key Vault Secrets In Databricks

hashtag
Creating A Secret Scope

To create a secret scope in Databricksarrow-up-right, users can access the portal at https://<databricks-instance>#secrets/createScope, leveraging properties available from the Azure Key Vault portal.

Alternatively, users can create a Databricks-backed secret scope using the Databricks CLIarrow-up-right or the Secrets APIarrow-up-right.

circle-info

Access should be allowed to the Databricks workspace from the Networking tab within Azure Key Vault settings.

hashtag
Accessing Secrets Within Notebooks

To access the secrets within notebooksarrow-up-right, users need to utilize appropriate utility functions from the dbutils.secrets library.

# Gets Secret
secretVar = dbutils.secrets.get(scope="<scope-name>", key="<key-name>")


# Lists All Secrets
secretList = dbutils.secrets.list("<scope-name>")

hashtag
Azure Key Vault Secrets In Synapse

hashtag
Creating A Linked Service

In Synapse, establishing a connection to an Azure Key Vault necessitates creating a linked servicearrow-up-right to authenticate the workspace with the vault.

circle-info

Access should be allowed to the Synapse workspace from the Networking tab within Azure Key Vault settings.

hashtag
Accessing Secrets Within Notebooks

To access the secrets within notebooksarrow-up-right, users need to utilize appropriate utility functions from the mssparkutils.credentials library.

Alternatively, users can access secrets directly by changing the Spark configuration within the notebook.

hashtag
Key Differences

hashtag
Databricks-Backed Secret Scopes

In Databricks, users have the capability to create and delete customized secrets within their Databricks-backed secret scopesarrow-up-right. These actions are exclusively performed through the Databricks CLI or Secrets API but can be accessed from within notebooks.

In contrast, Synapse does not include the capability to create or delete custom secrets directly within the workspace. It exclusively accesses secrets and keys directly from Azure Key Vault.

hashtag
References

PreviousMounting Cloud Object StorageNextStoring Data Using Local Data Warehouse

Last updated