Databricks Community

JPNP · 2 weeks ago

Hello,

I am trying to create the Azure Key Vault-backed secret scope, but it failing with the below error, I have tried to clear the cache, and logged out , used incognito browser as well but not able to create a scope. Can you please help here ?

szymon_dybczak · 2 weeks ago

Hi @JPNP ,

Maybe try with the Databricks CLI? Even if the command below doesn’t succeed, at least the error message could be more meaningful.

databricks secrets create-scope \
  --scope keyvaultscope \
  --scope-backend-type AZURE_KEYVAULT \
  --resource-id "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<vault-name>" \
  --dns-name "https://<vault-name>.vault.azure.net/"

trailblazer · Thursday

hi, did you manage to resolve this, I have the same error but the error message is not very helpful.

Yogesh_378691 · Thursday

If the UI keeps failing with that vague error, the CLI approach suggested above is the best next step, since it usually gives a clearer error message. Also make sure that:

The service principal you’re using to create the scope has Key Vault Administrator permissions on the vault.

The resource ID and DNS name are copied exactly as shown in the Azure portal (any typo or extra space will cause failures).

The Databricks workspace is in the same Azure region as the Key Vault (cross-region secret scopes are not supported).

If those checks look good but it still fails, I’d recommend running the CLI command with --debug to capture the full error details, which will help narrow down whether it’s a permissions issue or a configuration mismatch.

Yogesh Verma

Databricks Community

Not able to creare Secret scope in Azure databricks

Join Us as a Local Community Builder!

What's new in Databricks: July - August 2025

How to use Lakebase as a transactional data layer for Databricks Apps

🌟 Community Spark of the Week | Aug 22 – Aug 28 🌟

EMEA Learning Festival: Hands-on Learning Journey!

Virtual Learning Festival: 10 October - 31 October 2025