
Databricks unified authentication

Databricks unified authentication provides a consistent way to configure and automate authentication as part of OAuth authorization. You define authentication once and reuse the same configuration across supported Databricks tools and SDKs. This avoids maintaining separate credentials for each tool and ensures consistent authentication behavior across environments.

Participating tools and SDKs

Participating Databricks tools and SDKs include:

All tools and SDKs support authentication through environment variables and Databricks configuration profiles. The Databricks Terraform provider and the Python, Java, and Go SDKs also let you configure authentication directly in code. For details, see the tool or SDK’s documentation.

Authentication method priority

This section explains how tools and SDKs prioritize authentication methods and where they look for credentials.

Default authentication order

Tools and SDKs attempt authentication methods in this order and stop after the first success:

  1. Personal access tokens (legacy)
  2. OAuth machine-to-machine (M2M)
  3. OAuth user-to-machine (U2M)

Note: To force an SDK to use a specific method, set the Databricks authentication type field in the Config API.

Credential lookup order

For each authentication method, tools and SDKs search for credentials in this order:

  1. SDK Config fields: Direct configuration in code (SDKs only)
  2. Environment variables: Platform-specific variables
  3. Configuration profile: the DEFAULT profile in the .databrickscfg file

Best practices

For maximum portability across environments, do the following:

  1. Create a custom configuration profile in your .databrickscfg file
  2. Add required fields for your chosen authentication type
  3. Set the DATABRICKS_CONFIG_PROFILE environment variable to your profile name
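
The following added example (not Databricks code) models the method order and credential lookup order described above, narrowed to personal access tokens and OAuth M2M, to show how a stale token in the environment shadows an OAuth profile selected with DATABRICKS_CONFIG_PROFILE. The field names, the `DATABRICKS_<FIELD>` variable pattern, the `auth_type` values and the sample `.databrickscfg` are assumptions constructed for illustration.

```python
import configparser

# Methods in the order the page lists them, with the fields each one needs.
# Field names and the DATABRICKS_<FIELD> variable pattern are assumptions.
METHODS = [("pat", ("host", "token")),
           ("oauth-m2m", ("host", "client_id", "client_secret"))]

# Constructed sample: legacy token in [DEFAULT], OAuth M2M in a custom profile.
SAMPLE_CFG = """
[DEFAULT]
host = https://example.cloud.databricks.com
token = EXAMPLE-PAT-NOT-REAL

[ci-m2m]
host = https://example.cloud.databricks.com
client_id = 00000000-0000-0000-0000-000000000000
client_secret = EXAMPLE-SECRET-NOT-REAL
"""

def load_profile(cfg_text, name):
    # Renaming default_section makes [DEFAULT] an ordinary profile, so its
    # token is not inherited by every other section.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(cfg_text)
    return dict(cp[name]) if cp.has_section(name) else {}

def lookup(field, code, env, profile):
    # Credential lookup order from the page: code, then environment, then profile.
    sources = (("code", code.get(field)),
               ("env", env.get("DATABRICKS_" + field.upper())),
               ("profile", profile.get(field)))
    return next((name for name, value in sources if value), None)

def resolve(code, env, cfg_text=SAMPLE_CFG):
    """Return (method, {field: source}, shadowed_methods) or (None, {}, [])."""
    profile = load_profile(cfg_text, env.get("DATABRICKS_CONFIG_PROFILE", "DEFAULT"))
    forced = code.get("auth_type") or env.get("DATABRICKS_AUTH_TYPE") or profile.get("auth_type")
    usable = []
    for method, fields in METHODS:
        found = {f: lookup(f, code, env, profile) for f in fields}
        if all(found.values()) and forced in (None, method):
            usable.append((method, found))
    if not usable:
        return None, {}, []
    # First usable method wins; any later usable method is silently shadowed.
    return usable[0][0], usable[0][1], [m for m, _ in usable[1:]]

if __name__ == "__main__":
    stale = {"DATABRICKS_CONFIG_PROFILE": "ci-m2m", "DATABRICKS_TOKEN": "EXAMPLE-STALE"}
    print(resolve({}, stale))                            # PAT wins, M2M shadowed
    print(resolve({"auth_type": "oauth-m2m"}, stale))    # forced to M2M
```

A non-empty shadowed list is the condition to alert on in CI: the job authenticates with a credential other than the one the profile was written for.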

For a complete list of supported environment variables and configuration fields, see Environment variables and fields for unified authentication.