Skip to main content
Last updated on

Add a Unity Catalog connection resource to a Databricks app

Add Unity Catalog connections as Databricks Apps resources to enable secure access to external services and data sources. Unity Catalog connections manage credentials and authentication details, so you don't have to hardcode credentials in your application code.

Add a Unity Catalog connection resource

Before you add a Unity Catalog connection as a resource, review the app resource prerequisites.

  1. When you create or edit an app, navigate to the Configure step.
  2. In the App resources section, click + Add resource.
  3. Select UC connection as the resource type.
  4. Choose a Unity Catalog connection from the list of available connections in your workspace.
  5. Select the permission level for your app:
    • Use Connection: Grants the app permission to use the connection to access external services. Corresponds to the USE CONNECTION privilege.
  6. (Optional) Specify a custom resource key, which is how you reference the connection in your app configuration. The default key is connection.

When you add a Unity Catalog connection resource:

  • Databricks grants your app's service principal the USE CONNECTION privilege on the selected connection.
  • The app can access external services without managing credentials directly.
  • Connection credentials are securely managed by Unity Catalog and not exposed to your application code.

Environment variables

When you deploy an app with a Unity Catalog connection resource, Databricks exposes the connection name through environment variables that you can reference using the valueFrom field.

Example configuration:

YAML
env:
  - name: UC_CONNECTION_NAME
    valueFrom: connection # Use your custom resource key if different

Using the connection in your application:

Python
import os
from databricks.sdk import WorkspaceClient
from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod

# Access the connection name
connection_name = os.getenv("UC_CONNECTION_NAME")

# Initialize workspace client
w = WorkspaceClient()

# Make HTTP request through the connection
response = w.serving_endpoints.http_request(
    conn=connection_name,
    method=ExternalFunctionRequestHttpMethod.POST,
    path="/api/v1/resource",
    json={"key": "value"},
    headers={"extra_header_key": "extra_header_value"},
)

# Process the response
print(response)

For more information, see Use environment variables to access resources.

Remove a Unity Catalog connection resource

When you remove a Unity Catalog connection resource from an app, the app's service principal loses access to the connection. The connection itself remains unchanged and continues to be available for other users and applications that have appropriate permissions.

Best practices

Consider the following when you work with Unity Catalog connection resources:

  • Implement error handling and retry logic for connection failures and network issues.
  • Monitor API response times and connection latency, especially for cross-region or cross-cloud requests.
  • Consider data egress costs when making requests to external services, particularly for large payloads or high-volume API calls.
  • Regularly review and rotate connection credentials according to your security policies.
  • Validate API responses and implement appropriate timeout values for external service calls.