Databricks Community

VicS · a week ago

We want to create an Azure-Keyvault-backed secret scope with terraform - while we are able to do it via the UI with the URL https://adb-xxxxxxxx.x.azuredatabricks.net/?o=xxxxxxxxxxxxxx#secrets/createScope, I'm unable to do it with Terraform.

resource "databricks_secret_scope" "this" {
  name = "my-keyvault-name"
  keyvault_metadata {
    resource_id = "/subscriptions/x/resourceGroups/x/providers/Microsoft.KeyVault/vaults/my-keyvault-name"
    dns_name    = "my-keyvault-name.vault.azure.net/"
  }
}

In case it's relevant: while running Terraform we authenticate with a browser-pop up with our ActiveDirectory to authenticate against and deploy the Azure ressources.

szymon_dybczak · a week ago

Could you share with us what error message you get?

VicS · a week ago

Sorry I forgot, of course - Terraform plan goes through without a problem, but during the apply phase, I get

│ Error: cannot create secret scope: Scope with Azure KeyVault must have userAADToken defined!
│
│   with databricks_secret_scope.this,
│   on main_secret_scope_and_keyvault_acl.tf line 15, in resource "databricks_secret_scope" "this":
│   15: resource "databricks_secret_scope" "this" {
│

Databricks Community

Creating an Azure-Keyvault-backed secret scope with terraform

Connect with Databricks Users in Your Area

Introducing an exclusively Databricks-hosted Assistant

How to present and share your Notebook insights in AI/BI Dashboards

Meet the Databricks MVPs

Now Hiring: Databricks Community Technical Moderator

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs