Databrick CLI important commands.

Recently I came across Databrick CLI commands to setup the Azure Key vaults with databrick-backed scope. I thought to share these useful Databarics CLI commands and tips.

1. How to find the Databrick CLI version.

databricks --version

2. Configure Databricks CLI to connect to specific instance.

a. First you need to go to user account in the workspace section.

b. Then Select the User settings

c. In User settings click Generate Token button.

d. Provide the comment to ensure that this token will be used for which purpose.

e. Copy the token and paste it in the notepad as this is your last opportunity to copy the token because once you close this windows it will not be visible

Once the token is generated it will show the token ID and comments.

We will use this token in the following command to connect to workspace instance. Here I am using the sample host URL and Token.

databricks configure --token
Databricks Host (should begin with https://):
Token: dapi4ecc1bb0f1931c6e3f69c6df326bfb50

Once you have the Databricks connection established you can use any Databricks CLI commands given below.

3. Create a Databricks backed scope.Here I am creating a scope named as blobstorage.

databricks secrets create-scope --scope <scope-name>

4. Create a Scope by using Databricks UI.

To create a scope you need to type this url in the browser. Please note that this url is not given in workspace so you need to construct this url:

#for example,  

You need to enter the Scope name and Key Vault DNS and Resource ID.

Key Vault specific info can be found by clicking the properties section as shown below.

5. Set the permission for a scope.

By default, scopes are created with MANAGE permission for the user who created the scope. In case your account does not have the MANAGE permission to “users” (all users) when you create the scope please use this command

databricks secrets create-scope --scope mynewscope --initial-manage-principal users

#You can list the ACLs by using this comand

databricks secrets list-acls --scope <scope Name>
# this will diosplay the results in the following format:
Principal             Permission
--------------------  ------------
User Name(emailID)  MANAGE

6. Delete the scope.

databricks secrets delete-scope --scope <scope-name>

7. Create Databricks secret.

databricks secrets put --scope <scope-name> --key <key-name>

#For example 
databricks secrets put --scope blobstorage--key mykey

8. List the Databricks secrete defined in the scope.

databricks secrets list-scopes

#Instead of listing specific scope please use scope name like the below #command I have listed the scope for blobstorage.
databricks secrets list --scope blobstorage

9. Delete secret

databricks secrets delete --scope <scope-name> --key <key-name>

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.