<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic data ingestion from external system - auth via client certificate in Administration &amp; Architecture</title>
    <link>https://community.databricks.com/t5/administration-architecture/data-ingestion-from-external-system-auth-via-client-certificate/m-p/95965#M2157</link>
    <description>&lt;P&gt;Hi Community,&lt;/P&gt;&lt;P&gt;we have the requirement to ingest data in azure databricks from external systems.&lt;/P&gt;&lt;P&gt;Our customer ask us to use Client Certificate as authentication method.&lt;/P&gt;&lt;P&gt;Requests -&amp;nbsp;&lt;A href="https://requests.readthedocs.io/en/latest/user/advanced/" target="_blank"&gt;https://requests.readthedocs.io/en/latest/user/advanced/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Aiohttp -&amp;nbsp;&lt;A href="https://docs.aiohttp.org/en/stable/client_advanced.html" target="_blank"&gt;https://docs.aiohttp.org/en/stable/client_advanced.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Solace Broker API -&amp;nbsp;&lt;A href="https://docs.solace.com/API/API-Developer-Guide-Python/Python-API-Messaging-Service.htm#Client" target="_blank"&gt;https://docs.solace.com/API/API-Developer-Guide-Python/Python-API-Messaging-Service.htm#Client&lt;/A&gt;&lt;/P&gt;&lt;P&gt;The certificate is stored in a azure key vault but all three methods required a local file for Client Certificate authentication.&lt;/P&gt;&lt;P&gt;can someone advice us how to achieve this on azure databricks?&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;Thanks Christian&lt;/P&gt;</description>
    <pubDate>Thu, 24 Oct 2024 12:34:33 GMT</pubDate>
    <dc:creator>cuhlmann</dc:creator>
    <dc:date>2024-10-24T12:34:33Z</dc:date>
    <item>
      <title>data ingestion from external system - auth via client certificate</title>
      <link>https://community.databricks.com/t5/administration-architecture/data-ingestion-from-external-system-auth-via-client-certificate/m-p/95965#M2157</link>
      <description>&lt;P&gt;Hi Community,&lt;/P&gt;&lt;P&gt;we have the requirement to ingest data in azure databricks from external systems.&lt;/P&gt;&lt;P&gt;Our customer ask us to use Client Certificate as authentication method.&lt;/P&gt;&lt;P&gt;Requests -&amp;nbsp;&lt;A href="https://requests.readthedocs.io/en/latest/user/advanced/" target="_blank"&gt;https://requests.readthedocs.io/en/latest/user/advanced/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Aiohttp -&amp;nbsp;&lt;A href="https://docs.aiohttp.org/en/stable/client_advanced.html" target="_blank"&gt;https://docs.aiohttp.org/en/stable/client_advanced.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Solace Broker API -&amp;nbsp;&lt;A href="https://docs.solace.com/API/API-Developer-Guide-Python/Python-API-Messaging-Service.htm#Client" target="_blank"&gt;https://docs.solace.com/API/API-Developer-Guide-Python/Python-API-Messaging-Service.htm#Client&lt;/A&gt;&lt;/P&gt;&lt;P&gt;The certificate is stored in a azure key vault but all three methods required a local file for Client Certificate authentication.&lt;/P&gt;&lt;P&gt;can someone advice us how to achieve this on azure databricks?&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;Thanks Christian&lt;/P&gt;</description>
      <pubDate>Thu, 24 Oct 2024 12:34:33 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/data-ingestion-from-external-system-auth-via-client-certificate/m-p/95965#M2157</guid>
      <dc:creator>cuhlmann</dc:creator>
      <dc:date>2024-10-24T12:34:33Z</dc:date>
    </item>
    <item>
      <title>Re: data ingestion from external system - auth via client certificate</title>
      <link>https://community.databricks.com/t5/administration-architecture/data-ingestion-from-external-system-auth-via-client-certificate/m-p/96022#M2160</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/129101"&gt;@cuhlmann&lt;/a&gt;&amp;nbsp;,&lt;BR /&gt;&lt;BR /&gt;As I understand you need to ingest data into Azure Databricks from external systems, and your customer requires using client certificate authentication. The challenge is that the client certificate is stored in Azure Key Vault, but the libraries you're using (Requests, Aiohttp, Solace Broker API) require a local certificate file for client authentication.&lt;BR /&gt;&lt;BR /&gt;Here is the possible solution:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Create a key vault-backed secret scope in Databricks&lt;/LI&gt;&lt;LI&gt;Access secrets in the notebook like this:&amp;nbsp;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;# Accessing secrets from Key Vault
client_cert = dbutils.secrets.get(scope="your_scope", key="client_certificate")
client_key = dbutils.secrets.get(scope="your_scope", key="client_key")
​&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Out of the secrets create a certificate file and save to the location (Volume when using Unity Catalog, DBFS tmp without Unity Catalog)&lt;/LI&gt;&lt;LI&gt;Use the certificate file in your code&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;import requests

url = "https://external-system.example.com/api/data"

# Use the certificate file for client authentication
response = requests.get(url, cert=cert_file_path)

# Check the response
print(response.status_code)
print(response.text)
​&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 24 Oct 2024 17:10:19 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/data-ingestion-from-external-system-auth-via-client-certificate/m-p/96022#M2160</guid>
      <dc:creator>filipniziol</dc:creator>
      <dc:date>2024-10-24T17:10:19Z</dc:date>
    </item>
  </channel>
</rss>

