Environment variables and fields for unified authentication

This reference lists environment variables and configuration fields for Databricks unified authentication. They work consistently across the Databricks CLI, Terraform provider, and SDKs for Python, Java, and Go.

Use this reference to set up authentication or troubleshoot authentication issues. Each entry includes:

• Environment variable: Set this in your shell environment.
• .databrickscfg field: Use this in configuration profiles.
• Terraform field: Configure this in your Terraform provider block. See Authentication in the Databricks Terraform provider documentation.
• Config field: Use this when configuring SDKs programmatically with the Config API.

General configuration fields

These variables configure basic connection and compute settings for Databricks.

Common name	Description	Environment variable	.databrickscfg field, Terraform field	Config field
Databricks host	(String) The Databricks host URL for either the Databricks workspace endpoint or the Databricks accounts endpoint.	DATABRICKS_HOST	host	host (Python) setHost (Java) Host (Go)
Databricks token	(String) The Databricks personal access token.	DATABRICKS_TOKEN	token	token (Python) setToken (Java) Token (Go)
Databricks account ID	(String) The Databricks account ID for the Databricks account endpoint. Only has effect when the Databricks host is also set to https://accounts.gcp.databricks.com.	DATABRICKS_ACCOUNT_ID	account_id	account_id (Python) setAccountID (Java) AccountID (Go)
Cluster ID	(String) The ID of the cluster to use	DATABRICKS_CLUSTER_ID	cluster_id	cluster_id
Serverless compute	(String) The serverless compute auto enablement setting. Valid values are auto.	DATABRICKS_SERVERLESS_COMPUTE_ID	serverless_compute_id	serverless_compute_id

Common name	Description	Environment variable	.databrickscfg field, Terraform field	Config field
Client ID	(String) The Databricks service principal's client ID.	DATABRICKS_CLIENT_ID	client_id	client_id (Python) setClientId (Java) ClientId (Go)
Client secret	(String) The Databricks service principal's client secret.	DATABRICKS_CLIENT_SECRET	client_secret	client_secret (Python) setClientSecret (Java) ClientSecret (Go)
Google Cloud service account	(String) The Google Cloud service account's e-mail address.	DATABRICKS_GOOGLE_SERVICE_ACCOUNT	google_service_acccount	GoogleServiceAccount (Go)
Google Cloud credentials	(String) The local path to the Google Cloud service account key file, or the contents of the service account key file in JSON format.	GOOGLE_CREDENTIALS	google_credentials	GoogleCredentials (Go)

.databrickscfg-specific fields

Use these environment variables or fields to specify non-default settings for .databrickscfg. See also Databricks configuration profiles.

Common name	Description	Environment variable	Terraform field	Config field
.databrickscfg file path	(String) A non-default path to the .databrickscfg file.	DATABRICKS_CONFIG_FILE	config_file	config_file (Python) setConfigFile (Java) ConfigFile (Go)
.databrickscfg default profile	(String) The default named profile to use, other than DEFAULT.	DATABRICKS_CONFIG_PROFILE	profile	profile (Python) setProfile (Java) Profile (Go)

Authentication fields

Use these environment variables or fields to enforce a specific type of Databricks authentication.

Common name	Description	Environment variable	Terraform field	Config field
Databricks authentication type	(String) When multiple authentication attributes are available in the environment, use the authentication type specified by this argument. See Supported authentication types.	DATABRICKS_AUTH_TYPE	auth_type	auth_type (Python) setAuthType (Java) AuthType (Go)
OIDC token environment variable	(String) The name of the environment variable that contains your IdP-issued OIDC token. Used with env-oidc authentication type. Defaults to DATABRICKS_OIDC_TOKEN.	DATABRICKS_OIDC_TOKEN_ENV	oidc_token_env	oidc_token_env (Python) setOIDCTokenEnv (Java) OIDCTokenEnv (Go)
OIDC token file path	(String) The path to a local file that contains your IdP-issued OIDC token. Used with file-oidc authentication type.	DATABRICKS_OIDC_TOKEN_FILEPATH	oidc_token_filepath	oidc_token_filepath (Python) setOIDCTokenFilepath (Java) OIDCTokenFilepath (Go)

Supported authentication types

Supported Databricks authentication type field values include:

• oauth-m2m: For machine-to-machine (M2M) authentication with a Databricks service principal through OAuth 2.0. See Authorize service principal access to Databricks with OAuth.
• pat: For authentication using a Databricks personal access token. See Databricks personal access token authentication (legacy).
• databricks-cli: For interactive sign-in with the Databricks CLI using OAuth 2.0. See Authorize user access to Databricks with OAuth.
• oidc-token: For token federation with an identity provider (IdP), where Databricks exchanges an IdP-issued OIDC token for a Databricks OAuth token. See Authenticate with an identity provider token.
• env-oidc: For federation when your IdP token is stored in an environment variable (DATABRICKS_OIDC_TOKEN). See Authenticate with an identity provider token.
• file-oidc: For federation when your IdP token is stored in a local file (DATABRICKS_OIDC_TOKEN_FILEPATH). See Authenticate with an identity provider token.
• github-oidc: For GitHub Actions federated authentication via OIDC tokens. See Enable workload identity federation for GitHub Actions.
• azure-devops-oidc: For Azure DevOps federated authentication via OIDC tokens. See Enable workload identity federation for Azure DevOps Pipelines.

• google-id: For authentication using a Google ID. See Google Cloud ID authentication.