Sometimes accessing data requires that you authenticate to external data sources through JDBC. Instead of directly entering your credentials into a notebook, use Databricks secrets to store your credentials and reference them in notebooks and jobs. To manage secrets, you can use the Databricks CLI to access the Secrets API 2.0.
Administrators, secret creators, and users granted permission can read Databricks secrets. While Databricks makes an effort to redact secret values that might be displayed in notebooks, it is not possible to prevent such users from reading secrets. For more information, see Secret redaction.
To set up secrets you:
- Create a secret scope. Secret scope names are case insensitive.
- Add secrets to the scope. Secret names are case insensitive.
- If you have the Premium plan (or, for customers who subscribed to Databricks before March 3, 2020, the Operational Security package), assign access control to the secret scope.
This guide shows you how to perform these setup tasks and manage secrets. For more information, see:
- An end-to-end example of how to use secrets in your workflows.
- Reference for the Secrets CLI.
- Reference for the Secrets API 2.0.
- How to use Secrets utility (dbutils.secrets) to reference secrets in notebooks and jobs.
In this guide:
- Secret scopes
- Secret redaction
- Secret workflow example