Databricks Community

VicS · 9 hours ago

We want to create an Azure-Keyvault-backed secret scope with terraform - while we are able to do it via the UI with the URL https://adb-xxxxxxxx.x.azuredatabricks.net/?o=xxxxxxxxxxxxxx#secrets/createScope, I'm unable to do it with Terraform.

resource "databricks_secret_scope" "this" {
  name = "my-keyvault-name"
  keyvault_metadata {
    resource_id = "/subscriptions/x/resourceGroups/x/providers/Microsoft.KeyVault/vaults/my-keyvault-name"
    dns_name    = "my-keyvault-name.vault.azure.net/"
  }
}

In case it's relevant: while running Terraform we authenticate with a browser-pop up with our ActiveDirectory to authenticate against and deploy the Azure ressources.

szymon_dybczak · 8 hours ago

Could you share with us what error message you get?

VicS · 8 hours ago

Sorry I forgot, of course - Terraform plan goes through without a problem, but during the apply phase, I get

│ Error: cannot create secret scope: Scope with Azure KeyVault must have userAADToken defined!
│
│   with databricks_secret_scope.this,
│   on main_secret_scope_and_keyvault_acl.tf line 15, in resource "databricks_secret_scope" "this":
│   15: resource "databricks_secret_scope" "this" {
│

Databricks Community

Creating an Azure-Keyvault-backed secret scope with terraform

Connect with Databricks Users in Your Area

Now Hiring: Databricks Community Technical Moderator

Data + AI Summit: Call for Presentations

Season's Speedings: Databricks SQL Delivers 4x Performance Boost Over Two Years

Databricks Community Champion - October 2024 - Filip Niziol

Become Our Next Monthly Community Champion!