Connect to external cloud services using Unity Catalog

This page explains how Unity Catalog governs access to non-storage cloud services and provides links to pages that explain how to enable access to cloud services from Databricks.

To enable and govern access to external services:

  1. You create a service credential object in Unity Catalog. A service credential encapsulates a long-term cloud credential that grants access to those external services.
  2. You control access to the service credential using Unity Catalog privileges.
  3. Privileged users or service principals reference that service credential in code that calls the external service.

Using a service credential is preferable to passing credentials directly in your code, attaching credentials directly to a compute resource, or using Databricks secrets, because it allows you to restrict and track access using Unity Catalog privilege management and audit logging.

Service credentials are not intended for governing access to cloud storage that is used as a Unity Catalog managed storage location or external storage location. For those use cases, use a storage credential. See Connect to cloud object storage using Unity Catalog.

Next steps