cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

data ingestion from external system - auth via client certificate

cuhlmann
New Contributor

Hi Community,

we have the requirement to ingest data in azure databricks from external systems.

Our customer ask us to use Client Certificate as authentication method.

Requests - https://requests.readthedocs.io/en/latest/user/advanced/

Aiohttp - https://docs.aiohttp.org/en/stable/client_advanced.html

Solace Broker API - https://docs.solace.com/API/API-Developer-Guide-Python/Python-API-Messaging-Service.htm#Client

The certificate is stored in a azure key vault but all three methods required a local file for Client Certificate authentication.

can someone advice us how to achieve this on azure databricks?


Thanks Christian

1 REPLY 1

filipniziol
Contributor III

Hi @cuhlmann ,

As I understand you need to ingest data into Azure Databricks from external systems, and your customer requires using client certificate authentication. The challenge is that the client certificate is stored in Azure Key Vault, but the libraries you're using (Requests, Aiohttp, Solace Broker API) require a local certificate file for client authentication.

Here is the possible solution:

  • Create a key vault-backed secret scope in Databricks
  • Access secrets in the notebook like this: 

 

# Accessing secrets from Key Vault
client_cert = dbutils.secrets.get(scope="your_scope", key="client_certificate")
client_key = dbutils.secrets.get(scope="your_scope", key="client_key")
​

 

  • Out of the secrets create a certificate file and save to the location (Volume when using Unity Catalog, DBFS tmp without Unity Catalog)
  • Use the certificate file in your code

 

import requests

url = "https://external-system.example.com/api/data"

# Use the certificate file for client authentication
response = requests.get(url, cert=cert_file_path)

# Check the response
print(response.status_code)
print(response.text)
​

 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group