Databricks Community

Kaijser · ‎06-14-2023

I want to install a .whl file on my Databricks cluster which includes a private Azure DevOps repository as a dependency in its pyproject.toml file, i.e.:

[project]
name = "test"
description = "test_description."
version = "0.1.0"
authors = [
  { name = "test", email = "test@test.nl" }
]
requires-python = ">=3.7"
dependencies = [
  "pandas",
  "aiohttp",
  "private_repo @ git+https://<PERSONAL_ACCESS_TOKEN>@dev.azure.com/company/project/_git/private_repo"
]
 
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"

This works but as you can see I have to provide a DevOps personal access token in the pyproject.toml file, which I don't want, because this file is also visible to other people.

I was wondering whether there is a convenient way of hiding this in the pyproject.toml file and instead retrieve it dynamically from the Azure Key Vault. For example, in the Databricks notebooks we can use dbutils to access secret keys, like:

dbutils.secrets.get(scope="secret_scope", key="secret_key")

I guess in setup.py you could use dbutils to do so, but I am not sure how it works with a .toml file.

Anonymous · ‎06-15-2023

Hi @Aaron Kaijser

Great to meet you, and thanks for your question!

Let's see if your peers in the community have an answer to your question. Thanks.

Databricks Community

Installing private python Azure DevOps repository without revealing personal access token in pyproject.toml

Connect with Databricks Users in Your Area

Introducing an exclusively Databricks-hosted Assistant

How to present and share your Notebook insights in AI/BI Dashboards

Meet the Databricks MVPs

Now Hiring: Databricks Community Technical Moderator

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs