secret function

Applies to: check marked yes Databricks SQL preview check marked yes Databricks Runtime 11.3 LTS and above

Extracts a secret value with the given scope and key from Databricks secret service.

Syntax

secret ( scope, key )

Arguments

  • scope: A constant string expression containing the scope of the secret to be extracted. The scope is the namespace in which multiple keys might reside.

  • key: A constant string expression with the key of the secret to be extracted.

Returns

A STRING.

If the key cannot be retrieved the function raises INVALID_SECRET_LOOKUP. To return NULL instead, use the try_secret() function.

To retrieve a list of all secrets the user is authorized to see use the list_secrets function.

Error conditions

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_KEY_NOT_CONSTANT: The key is not a constant string.

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_SCOPE_NOT_CONSTANT: The scope is not a constant string.

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_NOT_SUPPORTED: Databricks secret service is not available.

  • INVALID_SECRET_LOOKUP.SECRET_FUNCTION_LOOKUP_FAILED: The key cannot be found within scope.

Examples

> SELECT * FROM list_secrets();
  scope         key
  ------------  ---------------
  secrets.r.us  theAnswerToLife

> SELECT secret('secrets.r.us', 'theAnswerToLife');
  fourtyTwo

> SELECT try_secret('secrets.r.us', 'WhatIsTheAnswerToLife');
  Error: INVALID_SECRET_LOOKUP.SECRET_FUNCTION_LOOKUP_FAILED