credentials

Creates, updates, deletes, gets or lists a credentials resource.

Overview

Name	credentials
Type	Resource
Id	databricks_workspace.unitycatalog.credentials

Fields

The following fields are returned by SELECT queries:

generatetemporaryservicecredential

Request completed successfully.

Name	Datatype	Description
aws_temp_credentials	object
expiration_time	integer

getcredential

Request completed successfully.

Name	Datatype	Description
id	string
name	string
metastore_id	string
full_name	string
aws_iam_role	object
comment	string
created_at	integer
created_by	string
isolation_mode	string
owner	string
purpose	string
read_only	boolean
updated_at	integer
updated_by	string
used_for_managed_storage	boolean

listcredentials

Request completed successfully.

Name	Datatype	Description
id	string
name	string
metastore_id	string
full_name	string
aws_iam_role	object
comment	string
created_at	integer
created_by	string
isolation_mode	string
owner	string
purpose	string
read_only	boolean
updated_at	integer
updated_by	string
used_for_managed_storage	boolean

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
generatetemporaryservicecredential	select	deployment_name		Returns a set of temporary credentials generated using the specified service credential. The caller must be a metastore admin or have the metastore privilege
getcredential	select	deployment_name		Gets a service or storage credential from the metastore. The caller must be a metastore admin, the owner of the credential, or have any permission on the credential.
listcredentials	select	deployment_name		Gets an array of credentials (as
createcredential	insert	deployment_name		Creates a new credential. The type of credential to be created is determined by the
updatecredential	update	deployment_name		Updates a service or storage credential on the metastore.
deletecredential	delete	deployment_name		Deletes a service or storage credential from the metastore. The caller must be an owner of the credential.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
deployment_name	string	The Databricks Workspace Deployment Name (default: dbc-abcd0123-a1bc)

SELECT examples

generatetemporaryservicecredential

Returns a set of temporary credentials generated using the specified service credential. The caller must be a metastore admin or have the metastore privilege

SELECT
aws_temp_credentials,
expiration_time
FROM databricks_workspace.unitycatalog.credentials
WHERE deployment_name = '{{ deployment_name }}' -- required;

getcredential

Gets a service or storage credential from the metastore. The caller must be a metastore admin, the owner of the credential, or have any permission on the credential.

SELECT
id,
name,
metastore_id,
full_name,
aws_iam_role,
comment,
created_at,
created_by,
isolation_mode,
owner,
purpose,
read_only,
updated_at,
updated_by,
used_for_managed_storage
FROM databricks_workspace.unitycatalog.credentials
WHERE deployment_name = '{{ deployment_name }}' -- required;

listcredentials

Gets an array of credentials (as

SELECT
id,
name,
metastore_id,
full_name,
aws_iam_role,
comment,
created_at,
created_by,
isolation_mode,
owner,
purpose,
read_only,
updated_at,
updated_by,
used_for_managed_storage
FROM databricks_workspace.unitycatalog.credentials
WHERE deployment_name = '{{ deployment_name }}' -- required;

INSERT examples

createcredential

Creates a new credential. The type of credential to be created is determined by the

INSERT INTO databricks_workspace.unitycatalog.credentials (
data__name,
data__comment,
data__read_only,
data__purpose,
data__skip_validation,
data__aws_iam_role,
deployment_name
)
SELECT 
'{{ name }}',
'{{ comment }}',
'{{ read_only }}',
{{ purpose }},
'{{ skip_validation }}',
'{{ aws_iam_role }}',
'{{ deployment_name }}'
RETURNING
id,
name,
metastore_id,
full_name,
aws_iam_role,
comment,
created_at,
created_by,
isolation_mode,
owner,
purpose,
read_only,
updated_at,
updated_by,
used_for_managed_storage
;

Manifest

# Description fields are for documentation purposes
- name: credentials
  props:
    - name: deployment_name
      value: string
      description: Required parameter for the credentials resource.
    - name: name
      value: required
    - name: comment
      value: string
    - name: read_only
      value: string
    - name: purpose
      value: boolean
    - name: skip_validation
      value: string
    - name: aws_iam_role
      value: object

UPDATE examples

updatecredential

Updates a service or storage credential on the metastore.

UPDATE databricks_workspace.unitycatalog.credentials
SET 
data__new_name = '{{ new_name }}',
data__comment = '{{ comment }}',
data__read_only = {{ read_only }},
data__owner = '{{ owner }}',
data__isolation_mode = '{{ isolation_mode }}',
data__skip_validation = {{ skip_validation }},
data__force = {{ force }},
data__aws_iam_role = '{{ aws_iam_role }}'
WHERE 
deployment_name = '{{ deployment_name }}' --required
RETURNING
id,
name,
metastore_id,
full_name,
aws_iam_role,
comment,
created_at,
created_by,
isolation_mode,
owner,
purpose,
read_only,
updated_at,
updated_by,
used_for_managed_storage;

DELETE examples

deletecredential

Deletes a service or storage credential from the metastore. The caller must be an owner of the credential.

DELETE FROM databricks_workspace.unitycatalog.credentials
WHERE deployment_name = '{{ deployment_name }}' --required;