Installing private python Azure DevOps repository without revealing personal access token in pyproject.toml

Kaijser — Wed, 14 Jun 2023 09:52:03 GMT

I want to install a .whl file on my Databricks cluster which includes a private Azure DevOps repository as a dependency in its pyproject.toml file, i.e.:

[project]
name = "test"
description = "test_description."
version = "0.1.0"
authors = [
  { name = "test", email = "test@test.nl" }
]
requires-python = ">=3.7"
dependencies = [
  "pandas",
  "aiohttp",
  "private_repo @ git+https://<PERSONAL_ACCESS_TOKEN>@dev.azure.com/company/project/_git/private_repo"
]
 
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"

This works but as you can see I have to provide a DevOps personal access token in the pyproject.toml file, which I don't want, because this file is also visible to other people.

I was wondering whether there is a convenient way of hiding this in the pyproject.toml file and instead retrieve it dynamically from the Azure Key Vault. For example, in the Databricks notebooks we can use dbutils to access secret keys, like:

dbutils.secrets.get(scope="secret_scope", key="secret_key")

I guess in setup.py you could use dbutils to do so, but I am not sure how it works with a .toml file.

Re: Installing private python Azure DevOps repository without revealing personal access token in pyproject.toml

Anonymous — Fri, 16 Jun 2023 06:50:22 GMT

Hi @Aaron Kaijser

Great to meet you, and thanks for your question!

Let's see if your peers in the community have an answer to your question. Thanks.

topic Re: Installing private python Azure DevOps repository without revealing personal access token in pyproject.toml in Data Engineering

Installing private python Azure DevOps repository without revealing personal access token in pyproject.toml

Re: Installing private python Azure DevOps repository without revealing personal access token in pyproject.toml