secrets
Creates, updates, deletes, gets or lists a secrets resource.
Overview
| Name | secrets |
| Type | Resource |
| Id | databricks_workspace.workspace.secrets |
Fields
The following fields are returned by SELECT queries:
- get
- list
| Name | Datatype | Description |
|---|---|---|
key | string | |
value | string | The value of the secret in its byte representation. |
| Name | Datatype | Description |
|---|---|---|
key | string | A unique name to identify the secret. |
last_updated_timestamp | integer | The last updated timestamp (in milliseconds) for the secret. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | scope, key, deployment_name | Gets a secret for a given key and scope. This API can only be called from the DBUtils interface. Users | |
list | select | scope, deployment_name | Lists the secret keys that are stored at this scope. This is a metadata-only operation; secret data | |
put | insert | deployment_name, scope, key | Inserts a secret under the provided scope with the given name. If a secret already exists with the | |
delete | exec | deployment_name, scope, key | Deletes the secret stored in this secret scope. You must have WRITE or MANAGE permission on |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
deployment_name | string | The Databricks Workspace Deployment Name (default: dbc-abcd0123-a1bc) |
key | string | Name of the secret to fetch value information. |
scope | string | The name of the scope to list secrets within. |
SELECT examples
- get
- list
Gets a secret for a given key and scope. This API can only be called from the DBUtils interface. Users
SELECT
key,
value
FROM databricks_workspace.workspace.secrets
WHERE scope = '{{ scope }}' -- required
AND key = '{{ key }}' -- required
AND deployment_name = '{{ deployment_name }}' -- required
;
Lists the secret keys that are stored at this scope. This is a metadata-only operation; secret data
SELECT
key,
last_updated_timestamp
FROM databricks_workspace.workspace.secrets
WHERE scope = '{{ scope }}' -- required
AND deployment_name = '{{ deployment_name }}' -- required
;
INSERT examples
- put
- Manifest
Inserts a secret under the provided scope with the given name. If a secret already exists with the
INSERT INTO databricks_workspace.workspace.secrets (
scope,
key,
bytes_value,
string_value,
deployment_name
)
SELECT
'{{ scope }}' /* required */,
'{{ key }}' /* required */,
'{{ bytes_value }}',
'{{ string_value }}',
'{{ deployment_name }}'
;
# Description fields are for documentation purposes
- name: secrets
props:
- name: deployment_name
value: "{{ deployment_name }}"
description: Required parameter for the secrets resource.
- name: scope
value: "{{ scope }}"
description: |
The name of the scope to which the secret will be associated with.
- name: key
value: "{{ key }}"
description: |
A unique name to identify the secret.
- name: bytes_value
value: "{{ bytes_value }}"
description: |
If specified, value will be stored as bytes.
- name: string_value
value: "{{ string_value }}"
description: |
If specified, note that the value will be stored in UTF-8 (MB4) form.
Lifecycle Methods
- delete
Deletes the secret stored in this secret scope. You must have WRITE or MANAGE permission on
EXEC databricks_workspace.workspace.secrets.delete
@deployment_name='{{ deployment_name }}' --required
@@json=
'{
"scope": "{{ scope }}",
"key": "{{ key }}"
}'
;