cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Referring to Azure Keyvault secrets in spark config

Martin1
New Contributor II

‎05-05-2022 04:11 AM

Hi all

In spark config for a cluster, it works well to refer to a Azure Keyvault secret in the "value" part of the name/value combo on a config row/setting.

For example, this works fine (I've removed the string that is our specific storage account name): 

fs.azure.account.oauth2.client.secret.<storage_account_name>.dfs.core.windows.net {{secrets/secret_scope/secret_value}}

But is it possible to refer to a secret inside of the name-string of the config-row? More specifically, in the example above I would like to have the <storage_account_name> dynamic, using a secret (or any other way) so that it does not need to be hard-coded. Then we would have a more generic and re-usable spark config.

I actually tried this, but it doesn't seem to work:

fs.azure.account.oauth2.client.secret.{{secrets/secret_scope/storage_account_name_secret}}.dfs.core.windows.net {{secrets/secret_scope/secret_value}}

Is there a way to achieve this?

Many thanks,

Martin

Labels:
3 REPLIES 3

Kaniz
Community Manager
Community Manager

‎07-13-2022 02:38 AM

Hi @Martin Aronsson​, This is a link to secret management in Databricks.

0 Kudos

jose_gonzalez
Moderator
Moderator
In response to Kaniz

‎07-28-2022 05:24 PM

Hi @Martin Aronsson​,

Just a friendly follow-up. Do you still are looking for help or Kaniz's response help you to resolved your issue?

0 Kudos

kp12
New Contributor II

‎10-02-2023 03:31 AM

Hello,

Is there any update on this issue please? 

Databricks no longer recommend mounting external location, so the other way to access Azure storage is to use spark config as mentioned in this document - https://learn.microsoft.com/en-us/azure/databricks/storage/azure-storage#connect-to-azure-data-lake-...

Although the spark config works fine, but as @Martin1 mentioned, the value for storage-account and directory-id cannot be accessed from the secret because they are part of the property name. 

Is there a way of accessing these from Databricks secret? as hardcoding these values doesn't seem right.

Thanks,

Kalyani

 

 

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.