Environment variables and fields for unified authentication

This reference lists environment variables and configuration fields for Databricks unified authentication. They work consistently across the Databricks CLI, Terraform provider, and SDKs for Python, Java, and Go.

Use this reference to set up authentication or troubleshoot authentication issues. Each entry includes:

Environment variable: Set this in your shell environment.
.databrickscfg field: Use this in configuration profiles.
Terraform field: Configure this in your Terraform provider block. See Authentication in the Databricks Terraform provider documentation.
Config field: Use this when configuring SDKs programmatically with the Config API.

General configuration fields

These variables configure basic connection and compute settings for Databricks.

Common name	Description	Environment variable	`.databrickscfg` field, Terraform field	`Config` field
Databricks host	(String) The Databricks host URL for either the Databricks workspace endpoint or the Databricks accounts endpoint.	`DATABRICKS_HOST`	`host`	`host` (Python) `setHost` (Java) `Host` (Go)
Databricks token	(String) The Databricks personal access token.	`DATABRICKS_TOKEN`	`token`	`token` (Python) `setToken` (Java) `Token` (Go)
Databricks account ID	(String) The Databricks account ID for the Databricks account endpoint. Only has effect when the Databricks host is also set to `https://accounts.gcp.databricks.com`.	`DATABRICKS_ACCOUNT_ID`	`account_id`	`account_id` (Python) `setAccountID` (Java) `AccountID` (Go)
Cluster ID	(String) The ID of the cluster to use	`DATABRICKS_CLUSTER_ID`	`cluster_id`	`cluster_id`
Serverless compute	(String) The serverless compute auto enablement setting. Valid values are `auto`.	`DATABRICKS_SERVERLESS_COMPUTE_ID`	`serverless_compute_id`	`serverless_compute_id`

Common name	Description	Environment variable	`.databrickscfg` field, Terraform field	`Config` field
Client ID	(String) The Databricks service principal's client ID.	`DATABRICKS_CLIENT_ID`	`client_id`	`client_id` (Python) `setClientId` (Java) `ClientId` (Go)
Client secret	(String) The Databricks service principal's client secret.	`DATABRICKS_CLIENT_SECRET`	`client_secret`	`client_secret` (Python) `setClientSecret` (Java) `ClientSecret` (Go)
Google Cloud service account	(String) The Google Cloud service account's e-mail address.	`DATABRICKS_GOOGLE_SERVICE_ACCOUNT`	`google_service_acccount`	`GoogleServiceAccount` (Go)
Google Cloud credentials	(String) The local path to the Google Cloud service account key file, or the contents of the service account key file in JSON format.	`GOOGLE_CREDENTIALS`	`google_credentials`	`GoogleCredentials` (Go)

.databrickscfg-specific fields

Use these environment variables or fields to specify non-default settings for .databrickscfg. See also Databricks configuration profiles.

Common name	Description	Environment variable	Terraform field	`Config` field
`.databrickscfg` file path	(String) A non-default path to the `.databrickscfg` file.	`DATABRICKS_CONFIG_FILE`	`config_file`	`config_file` (Python) `setConfigFile` (Java) `ConfigFile` (Go)
`.databrickscfg` default profile	(String) The default named profile to use, other than `DEFAULT`.	`DATABRICKS_CONFIG_PROFILE`	`profile`	`profile` (Python) `setProfile` (Java) `Profile` (Go)

Common name

Description

Environment variable

Terraform field

Config field

.databrickscfg file path

(String) A non-default path to the .databrickscfg file.

DATABRICKS_CONFIG_FILE

config_file

config_file (Python)

setConfigFile (Java)

ConfigFile (Go)

.databrickscfg default profile

(String) The default named profile to use, other than DEFAULT.

DATABRICKS_CONFIG_PROFILE

profile

profile (Python)

setProfile (Java)

Profile (Go)

Authentication fields

Use these environment variables or fields to enforce a specific type of Databricks authentication.

Common name	Description	Environment variable	Terraform field	`Config` field
Databricks authentication type	(String) When multiple authentication attributes are available in the environment, use the authentication type specified by this argument. See Supported authentication types.	`DATABRICKS_AUTH_TYPE`	`auth_type`	`auth_type` (Python) `setAuthType` (Java) `AuthType` (Go)
OIDC token environment variable	(String) The name of the environment variable that contains your IdP-issued OIDC token. Used with `env-oidc` authentication type. Defaults to `DATABRICKS_OIDC_TOKEN`.	`DATABRICKS_OIDC_TOKEN_ENV`	`oidc_token_env`	`oidc_token_env` (Python) `setOIDCTokenEnv` (Java) `OIDCTokenEnv` (Go)
OIDC token file path	(String) The path to a local file that contains your IdP-issued OIDC token. Used with `file-oidc` authentication type.	`DATABRICKS_OIDC_TOKEN_FILEPATH`	`oidc_token_filepath`	`oidc_token_filepath` (Python) `setOIDCTokenFilepath` (Java) `OIDCTokenFilepath` (Go)

Common name

Description

Environment variable

Terraform field

Config field

Databricks authentication type

(String) When multiple authentication attributes are available in the environment, use the authentication type specified by this argument. See Supported authentication types.

DATABRICKS_AUTH_TYPE

auth_type

auth_type (Python)

setAuthType (Java)

AuthType (Go)

OIDC token environment variable

(String) The name of the environment variable that contains your IdP-issued OIDC token. Used with env-oidc authentication type. Defaults to DATABRICKS_OIDC_TOKEN.

DATABRICKS_OIDC_TOKEN_ENV

oidc_token_env

oidc_token_env (Python)

setOIDCTokenEnv (Java)

OIDCTokenEnv (Go)

OIDC token file path

(String) The path to a local file that contains your IdP-issued OIDC token. Used with file-oidc authentication type.

DATABRICKS_OIDC_TOKEN_FILEPATH

oidc_token_filepath

oidc_token_filepath (Python)

setOIDCTokenFilepath (Java)

OIDCTokenFilepath (Go)

Supported authentication types

Supported Databricks authentication type field values include:

oauth-m2m: Use for machine-to-machine (M2M) authentication with a Databricks service principal through OAuth 2.0. See Authorize service principal access to Databricks with OAuth.
pat: Use if you authenticate with a Databricks personal access token. See Databricks personal access token authentication (legacy).
databricks-cli: Use if you're signing in interactively with the Databricks CLI and OAuth 2.0. See Authorize user access to Databricks with OAuth.
oidc-token: Use for token federation with an identity provider (IdP), where Databricks exchanges an IdP-issued OIDC token for a Databricks OAuth token. See Authenticate access to Databricks using OAuth token federation.
env-oidc: Use if your IdP token is stored in an environment variable (defaults to DATABRICKS_OIDC_TOKEN). See Authenticate access to Databricks using OAuth token federation.
file-oidc: Use if your IdP token is stored in a local file, referenced by DATABRICKS_OIDC_TOKEN_FILEPATH. See Authenticate access to Databricks using OAuth token federation.
github-oidc: Use for GitHub Actions federated authentication, where GitHub issues an OIDC token that Databricks exchanges for a Databricks OAuth token. For an example, see Enable workload identity federation in CI/CD.

google-id: Use if you're authenticating access using a Google ID. For more details, see Google Cloud ID authentication.

General configuration fields​

.databrickscfg-specific fields​

Authentication fields​

Supported authentication types​

General configuration fields

.databrickscfg-specific fields

Authentication fields

Supported authentication types