Secret management

Sometimes accessing data requires that you authenticate to external data sources through JDBC. Instead of directly entering your credentials into a notebook, use Databricks secrets to store your credentials and reference them in notebooks and jobs. To manage secrets, you can use the Databricks CLI to access the Secrets API.


Administrators, secret creators, and users granted permission can read Databricks secrets. While Databricks makes an effort to redact secret values that might be displayed in notebooks, it is not possible to prevent such users from reading secrets. For more information, see Secret redaction.

To set up secrets you:

  1. Create a secret scope. Secret scope names are case insensitive.

  2. Add secrets to the scope. Secret names are case insensitive.

  3. If you have the Premium plan or above, assign access control to the secret scope.

This guide shows you how to perform these setup tasks and manage secrets. For more information, see: