Environment variables and fields for unified authentication
This reference lists environment variables and configuration fields for Databricks unified authentication. They work consistently across the Databricks CLI, Terraform provider, and SDKs for Python, Java, and Go.
Use this reference to set up authentication or troubleshoot authentication issues. Each entry includes:
- Environment variable: Set this in your shell environment.
.databrickscfg
field: Use this in configuration profiles.- Terraform field: Configure this in your Terraform provider block. See Authentication in the Databricks Terraform provider documentation.
Config
field: Use this when configuring SDKs programmatically with theConfig
API.
General configuration fields
These variables configure basic connection and compute settings for Databricks.
Common name | Description | Environment variable |
|
|
---|---|---|---|---|
Databricks host | (String) The Databricks host URL for either the Databricks workspace endpoint or the Databricks accounts endpoint. |
|
|
|
Databricks token | (String) The Databricks personal access token. |
|
|
|
Databricks account ID | (String) The Databricks account ID for the Databricks account endpoint. Only has effect when the Databricks host is also set to |
|
|
|
Cluster ID | (String) The ID of the cluster to use |
|
|
|
Serverless compute | (String) The serverless compute auto enablement setting. Valid values are |
|
|
|
Common name | Description | Environment variable |
|
|
---|---|---|---|---|
Client ID | (String) The Databricks service principal's client ID. |
|
|
|
Client secret | (String) The Databricks service principal's client secret. |
|
|
|
Google Cloud service account | (String) The Google Cloud service account's e-mail address. |
|
|
|
Google Cloud credentials | (String) The local path to the Google Cloud service account key file, or the contents of the service account key file in JSON format. |
|
|
|
.databrickscfg-specific fields
Use these environment variables or fields to specify non-default settings for .databrickscfg
. See also Databricks configuration profiles.
Common name | Description | Environment variable | Terraform field |
|
---|---|---|---|---|
| (String) A non-default path to the |
|
|
|
| (String) The default named profile to use, other than |
|
|
|
Authentication fields
Use these environment variables or fields to enforce a specific type of Databricks authentication.
Common name | Description | Environment variable | Terraform field |
|
---|---|---|---|---|
Databricks authentication type | (String) When multiple authentication attributes are available in the environment, use the authentication type specified by this argument. See Supported authentication types. |
|
|
|
OIDC token environment variable | (String) The name of the environment variable that contains your IdP-issued OIDC token. Used with |
|
|
|
OIDC token file path | (String) The path to a local file that contains your IdP-issued OIDC token. Used with |
|
|
|
Supported authentication types
Supported Databricks authentication type field values include:
oauth-m2m
: For machine-to-machine (M2M) authentication with a Databricks service principal through OAuth 2.0. See Authorize service principal access to Databricks with OAuth.pat
: For authentication using a Databricks personal access token. See Databricks personal access token authentication (legacy).databricks-cli
: For interactive sign-in with the Databricks CLI using OAuth 2.0. See Authorize user access to Databricks with OAuth.oidc-token
: For token federation with an identity provider (IdP), where Databricks exchanges an IdP-issued OIDC token for a Databricks OAuth token. See Authenticate with an identity provider token.env-oidc
: For federation when your IdP token is stored in an environment variable (DATABRICKS_OIDC_TOKEN
). See Authenticate with an identity provider token.file-oidc
: For federation when your IdP token is stored in a local file (DATABRICKS_OIDC_TOKEN_FILEPATH
). See Authenticate with an identity provider token.github-oidc
: For GitHub Actions federated authentication via OIDC tokens. See Enable workload identity federation for GitHub Actions.azure-devops-oidc
: For Azure DevOps federated authentication via OIDC tokens. See Enable workload identity federation for Azure DevOps Pipelines.
google-id
: For authentication using a Google ID. See Google Cloud ID authentication.