secret_scopes
Creates, updates, deletes, gets or lists a secret_scopes resource.
Overview
| Name | secret_scopes |
| Type | Resource |
| Id | databricks_workspace.workspace.secret_scopes |
Fields
The following fields are returned by SELECT queries:
- list
| Name | Datatype | Description |
|---|---|---|
| name | string | A unique name to identify the secret scope. |
| backend_type | string | The type of secret scope backend. (AZURE_KEYVAULT, DATABRICKS) |
| keyvault_metadata | object | The metadata for the secret scope if the type is ``AZURE_KEYVAULT`` |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| list | select | deployment_name | | Lists all secret scopes available in the workspace. |
| create | insert | deployment_name, scope | | Creates a new secret scope. |
| delete | exec | deployment_name, scope | | Deletes a secret scope. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| deployment_name | string | The Databricks Workspace Deployment Name (default: dbc-abcd0123-a1bc) |
SELECT examples
- list
Lists all secret scopes available in the workspace.
```sql
SELECT
  name,
  backend_type,
  keyvault_metadata
FROM databricks_workspace.workspace.secret_scopes
WHERE deployment_name = '{{ deployment_name }}' -- required
;
```
INSERT examples
- create

Creates a new secret scope.

```sql
INSERT INTO databricks_workspace.workspace.secret_scopes (
  scope,
  backend_azure_keyvault,
  initial_manage_principal,
  scope_backend_type,
  deployment_name
)
SELECT
  '{{ scope }}' /* required */,
  '{{ backend_azure_keyvault }}',
  '{{ initial_manage_principal }}',
  '{{ scope_backend_type }}',
  '{{ deployment_name }}'
;
```

- Manifest

```yaml
# Description fields are for documentation purposes
- name: secret_scopes
  props:
    - name: deployment_name
      value: "{{ deployment_name }}"
      description: Required parameter for the secret_scopes resource.
    - name: scope
      value: "{{ scope }}"
      description: |
        Scope name requested by the user. Scope names are unique.
    - name: backend_azure_keyvault
      description: |
        The metadata for the secret scope if the type is ``AZURE_KEYVAULT``
      value:
        resource_id: "{{ resource_id }}"
        dns_name: "{{ dns_name }}"
    - name: initial_manage_principal
      value: "{{ initial_manage_principal }}"
      description: |
        The principal that is initially granted ``MANAGE`` permission to the created scope.
    - name: scope_backend_type
      value: "{{ scope_backend_type }}"
      description: |
        The backend type the scope will be created with. If not specified, will default to ``DATABRICKS``
```
Lifecycle Methods
- delete
Deletes a secret scope.
```sql
EXEC databricks_workspace.workspace.secret_scopes.delete
@deployment_name='{{ deployment_name }}' --required
@@json=
'{
  "scope": "{{ scope }}"
}'
;
```