11-14-2024 05:08 AM
We want to create an Azure-Keyvault-backed secret scope with Terraform - while we are able to do it via the UI with the URL https://adb-xxxxxxxx.x.azuredatabricks.net/?o=xxxxxxxxxxxxxx#secrets/createScope, I'm unable to do it with Terraform.
resource "databricks_secret_scope" "this" {
  name = "my-keyvault-name"

  keyvault_metadata {
    resource_id = "/subscriptions/x/resourceGroups/x/providers/Microsoft.KeyVault/vaults/my-keyvault-name"
    dns_name    = "my-keyvault-name.vault.azure.net/"
  }
}
In case it's relevant: while running Terraform we authenticate with a browser pop-up with our ActiveDirectory to authenticate against and deploy the Azure resources.
11-14-2024 05:55 AM
Could you share with us what error message you get?
11-14-2024 06:22 AM
Sorry I forgot, of course - Terraform plan goes through without a problem, but during the apply phase, I get
│ Error: cannot create secret scope: Scope with Azure KeyVault must have userAADToken defined!
│
│   with databricks_secret_scope.this,
│   on main_secret_scope_and_keyvault_acl.tf line 15, in resource "databricks_secret_scope" "this":
│   15: resource "databricks_secret_scope" "this" {
│
04-15-2025 03:50 AM - edited 04-15-2025 03:51 AM
I'm getting the same error message when trying to use the REST API as well and have tried about every combination I could think of to get the payload correct. I have tried AAD tokens for a user account, service principal, made those accounts full owners on the Key Vault, tried different names for the AAD Token with no success. Anyone out there, get a working solution?
04-15-2025 06:37 AM
I am having the same issue.
05-21-2025 11:43 PM
I am also having the same issue. I am deploying the Azure backed secrets across 3 different workspaces in my TF deployment. Strangely enough it works for 2/3 of my deployments but then I get the same error:
Scope with Azure KeyVault must have userAADToken defined!