cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

access databricks secretes in int script

Ravikumashi
Contributor

โ€Ž12-10-2022 11:01 AM

we are trying install databricks cli on init scripts and in order to do this we need to autheticate with databricks token but it is not secure as anyone got access to cluster can get hold of this databricks token.

we try to inject the secretes into secrete scope and access in init script and it is not working.

Any suggestions to access secrete or inject token securely into init scripts ?

0 Kudos
2 REPLIES 2

Hubert-Dudek
Esteemed Contributor III

โ€Ž12-10-2022 01:21 PM

I think you don't need to install CLI. There is a whole API available via notebook. below is example:

import requests
ctx = dbutils.notebook.entry_point.getDbutils().notebook().getContext()
host_name = ctx.tags().get("browserHostName").get()
host_token = ctx.apiToken().get()
 
# COMMAND ----------
 
notebook_folder = '/Users/hubert.dudek@databrickster.com'
 
response = requests.get(
f'https://{host_name}/api/2.0/workspace/list',
headers={'Authorization': f'Bearer {host_token}'},
json={'path': notebook_folder}
).json()

0 Kudos

Ravikumashi
Contributor
In response to Hubert-Dudek

โ€Ž12-10-2022 11:13 PM

Thank you for reply.

The reason we are installing databricks cli on init script is we have requirement to call python notebook via init script.

Btw I managed to access the secrete from secrete scopeโ€‹ and may be I had some typo.

โ€‹example:

Set below in environment variable of cluster between bracket

DToken=โ€‹secretes/scope/secretesKey

And remove the DToken from spark environments variable so that it won't be available after the init script.

Example: sed -i '/^Dโ€‹Token/d' /databricks/spark/conf/spark-env.sh

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements