cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Datbricks CLI is encoding the secrets in base 64 automatically

Go to solution
spearitchmeta
Contributor

‎08-21-2025 03:16 AM - edited ‎08-21-2025 03:18 AM

Hello Everyone,

I am using my MAc terminal to save a databricks primary key using a specific scope and secret.

Now everything runs smoothly ! except when I get to the step where I generate a secret. Problem is that my primary key is for example "test123" and when I use the following I get

"databricks secrets get-secret "caefe_prod" "cosmosdb_prod_prim_key"

Output

{

  "key":"cosmosdb_prod_prim_key",

  "value":"cGFzdGVfeW91cl9rZXlfaGVyZQ=="

}

Why is this happening? Am I missing something?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Go to solution
szymon_dybczak
Esteemed Contributor III

‎08-21-2025 03:19 AM

Hi @spearitchmeta ,

Yes, you're right. In order to read the value of a secret using the Databricks CLI, you must decode the base64 encoded value. You can use jq to extract the value and base --decode to decode it:

databricks secrets get-secret <scope-name> <key-name> | jq -r .value | base64 --decode

 

Secret management | Databricks Documentation

View solution in original post

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to spearitchmeta

‎08-21-2025 03:32 AM

Hi @spearitchmeta ,

You will get encoded secret value when you use databricks cli (version 0.205 and above). 

szymon_dybczak_0-1755772252902.png

But when you use secret utility (dbutils.secrets) it should be not encoded. So you can use it directly.

szymon_dybczak_1-1755772311646.png

 

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
szymon_dybczak
Esteemed Contributor III

‎08-21-2025 03:19 AM

Hi @spearitchmeta ,

Yes, you're right. In order to read the value of a secret using the Databricks CLI, you must decode the base64 encoded value. You can use jq to extract the value and base --decode to decode it:

databricks secrets get-secret <scope-name> <key-name> | jq -r .value | base64 --decode

 

Secret management | Databricks Documentation

Go to solution
Khaja_Zaffer
Contributor III
In response to szymon_dybczak

‎08-21-2025 03:22 AM

@szymon_dybczak Exactly 

Thank you. 🙂

Go to solution
spearitchmeta
Contributor
In response to szymon_dybczak

‎08-21-2025 03:27 AM

 @szymon_dybczak 

Thank you for yor fast reponse. But the secret is still encoded in that case. Meaning that when I read the secret in databricks to access the azure resource I generally use:  key = dbutils.secrets.get(scope="some-name", key="key-name")

In this case I assume that the encoded key will be read as well right? (which explains the failed connection attempt as well)

0 Kudos

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to spearitchmeta

‎08-21-2025 03:32 AM

Hi @spearitchmeta ,

You will get encoded secret value when you use databricks cli (version 0.205 and above). 

szymon_dybczak_0-1755772252902.png

But when you use secret utility (dbutils.secrets) it should be not encoded. So you can use it directly.

szymon_dybczak_1-1755772311646.png

 

0 Kudos

Go to solution
spearitchmeta
Contributor
In response to szymon_dybczak

‎08-21-2025 03:45 AM

Somehow it did not work before but now the connection is properly established ! Thank you very much

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to spearitchmeta

‎08-21-2025 03:46 AM

No problem, cool that it worked.

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements