cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

data ingestion from external system - auth via client certificate

cuhlmann
New Contributor

‎10-24-2024 05:34 AM

Hi Community,

we have the requirement to ingest data in azure databricks from external systems.

Our customer ask us to use Client Certificate as authentication method.

Requests - https://requests.readthedocs.io/en/latest/user/advanced/

Aiohttp - https://docs.aiohttp.org/en/stable/client_advanced.html

Solace Broker API - https://docs.solace.com/API/API-Developer-Guide-Python/Python-API-Messaging-Service.htm#Client

The certificate is stored in a azure key vault but all three methods required a local file for Client Certificate authentication.

can someone advice us how to achieve this on azure databricks?


Thanks Christian

0 Kudos
1 REPLY 1

filipniziol
Esteemed Contributor

‎10-24-2024 10:10 AM

Hi @cuhlmann ,

As I understand you need to ingest data into Azure Databricks from external systems, and your customer requires using client certificate authentication. The challenge is that the client certificate is stored in Azure Key Vault, but the libraries you're using (Requests, Aiohttp, Solace Broker API) require a local certificate file for client authentication.

Here is the possible solution:

  • Create a key vault-backed secret scope in Databricks
  • Access secrets in the notebook like this: 

 

# Accessing secrets from Key Vault
client_cert = dbutils.secrets.get(scope="your_scope", key="client_certificate")
client_key = dbutils.secrets.get(scope="your_scope", key="client_key")

 

  • Out of the secrets create a certificate file and save to the location (Volume when using Unity Catalog, DBFS tmp without Unity Catalog)
  • Use the certificate file in your code

 

import requests

url = "https://external-system.example.com/api/data"

# Use the certificate file for client authentication
response = requests.get(url, cert=cert_file_path)

# Check the response
print(response.status_code)
print(response.text)

 

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top