
Can we Change the ownership of Databricks Managed Secret to SP in Azure Data Bricks?

Naveenkumar1811
New Contributor II

Hi Team,

Earlier we faced an issue where a jar file (created by an old employee) in the workspace directory was used as a library in a cluster that is run from an SP. Since the employee left the org and the ID got removed, we had issues starting the cluster even though the SP is part of the ADMIN group. Similarly, we suspect we could run into a similar issue if a secret is created by a user and he leaves. Can that cause an issue?


Coffee77
Contributor III

That's the reason why I try to deploy most resources with service principal accounts while using Databricks Asset Bundles. Avoid human identities whenever possible because they can indeed go away...

I think you'll have to create another secret in the same or another scope, trying to "read" the previous secret with an account with "manage" permissions. I'd say that is not possible with "read" permissions, but you could try. Then, create a new scope and/or secret with a "service principal" account and assign permissions to other users if needed. This will avoid at least the same issue in the future.

 

databricks secrets get-secret <scope-name> <key-name> | jq -r .value | base64 --decode

 


Lifelong Learner Cloud & Data Solution Architect | https://www.youtube.com/@CafeConData

Naveenkumar1811
New Contributor II

We have multiple instances where the secrets are referenced, so creating the secret with a new name will cause code changes in multiple places. So, as per your suggestion, I should delete the existing secret and recreate the new one with the Databricks CLI using the SP PAT token?

Coffee77
Contributor III

I think there is no other way. 

In any case, here is how I usually configure my (all-purpose and jobs compute) clusters to access secrets via environment variables so that you don't have to update all references if some similar issue arises again. The environment variables act as an abstraction between secrets and consumer code.

Coffee77_0-1763388829227.png

KR

 


Lifelong Learner Cloud & Data Solution Architect | https://www.youtube.com/@CafeConData
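
The environment-variable indirection described in the reply above, as an added example that is not part of the original thread: it inventories the `{{secrets/<scope>/<key>}}` references in a cluster spec and repoints them to a new scope without renaming the variables that consumer code reads. The cluster spec, scope names, key names and variable names are constructed for illustration.

```python
import copy
import re

# Databricks secret reference syntax used in cluster env vars and Spark conf.
SECRET_REF = re.compile(r"\{\{secrets/([^/{}]+)/([^/{}]+)\}\}")
FIELDS = ("spark_env_vars", "spark_conf")

# Constructed cluster spec; all scope, key and variable names are made up.
CLUSTER_SPEC = {
    "cluster_name": "etl-shared",
    "spark_env_vars": {
        "DB_PASSWORD": "{{secrets/team-scope/db-password}}",
        "API_TOKEN": "{{secrets/team-scope/api-token}}",
        "PYSPARK_PYTHON": "/databricks/python3/bin/python3",
    },
    "spark_conf": {
        "spark.storage.key": "{{secrets/other-scope/storage-key}}",
    },
}


def secret_references(spec):
    """Return sorted (field, name, scope, key) for every secret reference."""
    found = []
    for field in FIELDS:
        for name, value in spec.get(field, {}).items():
            for scope, key in SECRET_REF.findall(str(value)):
                found.append((field, name, scope, key))
    return sorted(found)


def repoint_scope(spec, old_scope, new_scope):
    """Return a copy of spec with references to old_scope moved to new_scope.

    Variable names are untouched, so code reading os.environ["DB_PASSWORD"]
    keeps working after the secret is recreated in the new scope.
    """
    def swap(match):
        scope = new_scope if match.group(1) == old_scope else match.group(1)
        return "{{secrets/%s/%s}}" % (scope, match.group(2))

    updated = copy.deepcopy(spec)
    for field in FIELDS:
        for name, value in updated.get(field, {}).items():
            updated[field][name] = SECRET_REF.sub(swap, str(value))
    return updated


if __name__ == "__main__":
    moved = repoint_scope(CLUSTER_SPEC, "team-scope", "sp-owned-scope")
    for row in secret_references(moved):
        print(row)
```

Running the inventory across all cluster and job specs before recreating a secret shows which configurations have to change; notebooks that call the secret by scope and key directly are not covered by it.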
