Recently I came across Databrick CLI commands to set up the Azure Key vaults with databrick-backed scope. I thought to share these useful Databarics CLI commands and tips.
1. How to find the Databrick CLI version.
2. Configure Databricks CLI to connect to a specific instance.
a. First you need to go to a user account in the workspace section.
b. Then select the User settings
c. In User, settings click Generate Token button.
d. Provide the comment to ensure that this token will be used for which purpose.
e. Copy the token and paste it into the notepad as this is your last opportunity to copy the token because once you close these windows it will not be visible.
Once the token is generated it will show the token ID and comments.
We will use this token in the following command to connect to the workspace instance. Here I am using the sample host URL and Token.
databricks configure --token Databricks Host (should begin with https://): https://centralus.azuredatabricks.net Token: dapi4ecc1bb0f1931c6e3f69c6df326bfb50
Once you have the Databricks connection established you can use any Databricks CLI commands given below.
3. Create a Databricks-backed scope.Here I am creating a scope named as blobstorage.
databricks secrets create-scope --scope <scope-name>
4. Create a Scope by using Databricks UI. To create a scope you need to type this URL in the browser. Please note that this URL is not given in the workspace so you need to construct this URL:
https://<your_azure_databricks_url>#secrets/createScope #for example, https://westus.azuredatabricks.net#secrets/createScope
You need to enter the Scope name and Key Vault DNS and Resource ID.
Key Vault info can be found by clicking the properties section as shown below.
5. Set the permission for a scope. By default, scopes are created with MANAGE permission for the user who created the scope. In case your account does not have the
MANAGE permission to “users” (all users) when you create the scope please use this command
databricks secrets create-scope --scope mynewscope --initial-manage-principal users #You can list the ACLs by using this comand databricks secrets list-acls --scope <scope Name> # this will diosplay the results in the following format: Principal Permission -------------------- ------------ User Name(emailID) MANAGE
6. Delete the scope.
databricks secrets delete-scope --scope <scope-name>
7. Create Databricks secret.
databricks secrets put --scope <scope-name> --key <key-name> #For example databricks secrets put --scope blobstorage--key mykey
8. List the Databricks secret defined in the scope.
databricks secrets list-scopes #Instead of listing specific scope please use scope name like the below #command I have listed the scope for blobstorage. databricks secrets list --scope blobstorage
9. Delete secret
databricks secrets delete --scope <scope-name> --key <key-name>