secret function

Applies to: check marked yes Databricks SQL preview check marked yes Databricks Runtime 11.3 and above

Extracts a secret value with the given scope and key from Databricks secret service.

Syntax

secret ( scope, key )

Arguments

  • scope: A constant string expression containing the scope of the secret to be extracted. The scope is the namespace in which multiple keys might reside.

  • key: A constant string expression with the key of the secret to be extracted.

Returns

A STRING.

To retrieve a list of all secrets the user is authorized to see use the list_secrets function.

Error conditions

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_KEY_NOT_CONSTANT: The key is not a constant string.

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_SCOPE_NOT_CONSTANT: The scope is not a constant string.

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_NOT_SUPPORTED: Databricks secret service is not available.

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_LOOKUP_FAILED: The key cannot be found within scope.

Examples

> SELECT * FROM list_secrets();
  scope         key
  ------------  ---------------
  secrets.r.us  theAnswerToLife

> SELECT secret('secrets.r.us', 'theAnswerToLife');
  fourtyTwo