Databricks cannot access Azure Key Vault

SimonNuss
New Contributor II

I am trying to retrieve a secret from Azure Key Vault as follows:

sqlPassword = dbutils.secrets.get(scope = "Admin", key = "SqlPassword")

The scope has been created correctly, but I receive the following error message:

com.databricks.common.client.DatabricksServiceException: INVALID_STATE: Databricks could not access the keyvault: https://AzureKeyVaultName.vault.azure.net/.

I assume I need to add Databricks in Azure Key Vault's "Access Policies"; however, I cannot find any information online on how to do this. Any ideas?

1 ACCEPTED SOLUTION

Rodneyjoyce
New Contributor III

FYI I found the answer to my problem and posted about it here on SO to share: https://stackoverflow.com/questions/56537214/creating-a-secret-scope-in-databricks-backed-by-azure-k...

It was because I was using a user in Databricks that did not have rights in Azure AD to make a service principal.

6 REPLIES 6

This did not work for me. I have the same error - including misspelling -

"Internal error happened while granting read/list permission to Databricks ervice principal to KeyVault: XYZ"

I'm assuming Databricks is using a default service principal in Azure AD to communicate with KeyVault but I don't have access to AD and I can't find the Databricks principal name.

sagarsharmas
New Contributor II

Hey did you solve the issue?

virahkumar
New Contributor II

Sometimes turning it off and on again is underrated, so I gave up finding the problem, deleted it and re-created the scope - worked a breeze!

Mine seems like it was something silly, I was able to set up my vault but got the same issue when trying to use it 1hr later - even when logged in as myself, an admin of the workspace. Whenever I created it before with the exact same process (via a pipeline), it worked, just not this time... so no problem ID here, just a solution 🙂
