secret function

Applies to: Databricks SQL preview Databricks Runtime 11.3 LTS and above

Extracts a secret value with the given scope and key from Databricks secret service.

Syntax

secret ( scope, key )

Arguments

• scope: A constant string expression containing the scope of the secret to be extracted. The scope is the namespace in which multiple keys might reside.

• key: A constant string expression with the key of the secret to be extracted.

Returns

A STRING.

If the key cannot be retrieved the function raises INVALID_SECRET_LOOKUP. To return NULL instead, use the try_secret() function.

To retrieve a list of all secrets the user is authorized to see use the list_secrets function.

Error conditions

• INVALID_SECRET_LOOKUP.SECRET_FUNCTION_KEY_NOT_CONSTANT: The key is not a constant string.

• INVALID_SECRET_LOOKUP.SECRET_FUNCTION_SCOPE_NOT_CONSTANT: The scope is not a constant string.

• INVALID_SECRET_LOOKUP.SECRET_FUNCTION_NOT_SUPPORTED: Databricks secret service is not available.

• INVALID_SECRET_LOOKUP.SECRET_FUNCTION_LOOKUP_FAILED: The key cannot be found within scope.

Examples

> SELECT * FROM list_secrets();
  scope         key
  ------------  ---------------
  secrets.r.us  theAnswerToLife

> SELECT secret('secrets.r.us', 'theAnswerToLife');
  fourtyTwo

> SELECT try_secret('secrets.r.us', 'WhatIsTheAnswerToLife');
  Error: INVALID_SECRET_LOOKUP.SECRET_FUNCTION_LOOKUP_FAILED

Related functions

• list_secrets table function

• try_secret function