<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic REDACTED_POSSIBLE_SECRET_ACCESS_KEY as part of column value result form aes_encrypt in Data Engineering</title>
    <link>https://community.databricks.com/t5/data-engineering/redacted-possible-secret-access-key-as-part-of-column-value/m-p/55086#M30238</link>
    <description>&lt;P&gt;Hi, i've encountered an error using base64/aes_encrypt, as result the string saved contains 'REDACTED_POSSIBLE_SECRET_ACCESS_KEY' at the end destroying the original data, rendering it useless undecryptable, is there a way to avoid this replacement in the saved data?&lt;/P&gt;&lt;P&gt;this behaviour occours in special conditions it seems, problem is the redaction is not only in presentation layer but the data beneath... whenever this query is writen, the data renders the REDACTED string&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Captura de pantalla 2023-12-11 152523.png" style="width: 880px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5573i6B2E8FC9641C47D5/image-size/large/is-moderation-mode/true?v=v2&amp;amp;px=999" role="button" title="Captura de pantalla 2023-12-11 152523.png" alt="Captura de pantalla 2023-12-11 152523.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;i guess the problem is related to:&lt;BR /&gt;&lt;A href="https://docs.databricks.com/en/security/keys/redaction.html#aws-secret-access-key-redaction" target="_blank"&gt;https://docs.databricks.com/en/security/keys/redaction.html#aws-secret-access-key-redaction&lt;/A&gt;&lt;/P&gt;&lt;P&gt;but it should not destroy the data. (string replaced contains 40 characters, tried appending a letter at the end to retrieve the correct encrypted value)&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DApt_0-1702326511602.png" style="width: 400px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5574i066DEB9917F7A868/image-size/medium/is-moderation-mode/true?v=v2&amp;amp;px=400" role="button" title="DApt_0-1702326511602.png" alt="DApt_0-1702326511602.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DApt_3-1702327037748.png" style="width: 400px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5577i687827DDBA4BD619/image-size/medium/is-moderation-mode/true?v=v2&amp;amp;px=400" role="button" title="DApt_3-1702327037748.png" alt="DApt_3-1702327037748.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;once the query is saved as table it can not be decrypted any more&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DApt_1-1702326665014.png" style="width: 400px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5575i84872DFE1A1868EE/image-size/medium/is-moderation-mode/true?v=v2&amp;amp;px=400" role="button" title="DApt_1-1702326665014.png" alt="DApt_1-1702326665014.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Mon, 11 Dec 2023 20:43:37 GMT</pubDate>
    <dc:creator>DApt</dc:creator>
    <dc:date>2023-12-11T20:43:37Z</dc:date>
    <item>
      <title>REDACTED_POSSIBLE_SECRET_ACCESS_KEY as part of column value result form aes_encrypt</title>
      <link>https://community.databricks.com/t5/data-engineering/redacted-possible-secret-access-key-as-part-of-column-value/m-p/55086#M30238</link>
      <description>&lt;P&gt;Hi, i've encountered an error using base64/aes_encrypt, as result the string saved contains 'REDACTED_POSSIBLE_SECRET_ACCESS_KEY' at the end destroying the original data, rendering it useless undecryptable, is there a way to avoid this replacement in the saved data?&lt;/P&gt;&lt;P&gt;this behaviour occours in special conditions it seems, problem is the redaction is not only in presentation layer but the data beneath... whenever this query is writen, the data renders the REDACTED string&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Captura de pantalla 2023-12-11 152523.png" style="width: 880px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5573i6B2E8FC9641C47D5/image-size/large/is-moderation-mode/true?v=v2&amp;amp;px=999" role="button" title="Captura de pantalla 2023-12-11 152523.png" alt="Captura de pantalla 2023-12-11 152523.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;i guess the problem is related to:&lt;BR /&gt;&lt;A href="https://docs.databricks.com/en/security/keys/redaction.html#aws-secret-access-key-redaction" target="_blank"&gt;https://docs.databricks.com/en/security/keys/redaction.html#aws-secret-access-key-redaction&lt;/A&gt;&lt;/P&gt;&lt;P&gt;but it should not destroy the data. (string replaced contains 40 characters, tried appending a letter at the end to retrieve the correct encrypted value)&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DApt_0-1702326511602.png" style="width: 400px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5574i066DEB9917F7A868/image-size/medium/is-moderation-mode/true?v=v2&amp;amp;px=400" role="button" title="DApt_0-1702326511602.png" alt="DApt_0-1702326511602.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DApt_3-1702327037748.png" style="width: 400px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5577i687827DDBA4BD619/image-size/medium/is-moderation-mode/true?v=v2&amp;amp;px=400" role="button" title="DApt_3-1702327037748.png" alt="DApt_3-1702327037748.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;once the query is saved as table it can not be decrypted any more&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DApt_1-1702326665014.png" style="width: 400px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/5575i84872DFE1A1868EE/image-size/medium/is-moderation-mode/true?v=v2&amp;amp;px=400" role="button" title="DApt_1-1702326665014.png" alt="DApt_1-1702326665014.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 11 Dec 2023 20:43:37 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-engineering/redacted-possible-secret-access-key-as-part-of-column-value/m-p/55086#M30238</guid>
      <dc:creator>DApt</dc:creator>
      <dc:date>2023-12-11T20:43:37Z</dc:date>
    </item>
    <item>
      <title>Re: REDACTED_POSSIBLE_SECRET_ACCESS_KEY as part of column value result form aes_encrypt</title>
      <link>https://community.databricks.com/t5/data-engineering/redacted-possible-secret-access-key-as-part-of-column-value/m-p/59729#M31502</link>
      <description>&lt;P&gt;I had the same issue, and my usage was similar to OP:&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;base64(aes_encrypt(&amp;lt;clear_text&amp;gt;, unbase64(secret(&amp;lt;scope&amp;gt;, &amp;lt;key&amp;gt;))))&lt;/LI-CODE&gt;&lt;P&gt;Databricks support suggested to not call &lt;FONT face="courier new,courier"&gt;secret&lt;/FONT&gt; within the insert/update operation that writes to the table. After updating the python code to first fetch the encryption key from secret, then executing &lt;FONT face="courier new,courier"&gt;aes_encrypt&lt;/FONT&gt; using &lt;FONT face="courier new,courier"&gt;expr&lt;/FONT&gt;, the redaction and data corruption went away.&lt;/P&gt;&lt;P&gt;&lt;A href="https://datamadness.medium.com/column-encryption-and-decryption-in-databricks-baf9ada3a7cf" target="_blank" rel="noopener"&gt;This article&lt;/A&gt; gives the overall approach I followed, using a mix of pyspark and sql. Just remember to first retrieve the encryption key, then construct the &lt;FONT face="courier new,courier"&gt;aes_encrypt&lt;/FONT&gt; call with the key, rather than calling &lt;FONT face="courier new,courier"&gt;secret&lt;/FONT&gt; from within &lt;FONT face="courier new,courier"&gt;aes_encrypt&lt;/FONT&gt;.&lt;/P&gt;&lt;P&gt;Hope this helps!&lt;/P&gt;</description>
      <pubDate>Thu, 08 Feb 2024 23:41:37 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-engineering/redacted-possible-secret-access-key-as-part-of-column-value/m-p/59729#M31502</guid>
      <dc:creator>DataEnthusiast1</dc:creator>
      <dc:date>2024-02-08T23:41:37Z</dc:date>
    </item>
  </channel>
</rss>

