grazie
Contributor

Thanks for your response 🙂

We need to access secrets from notebooks and other tasks running interactively or in workflows.

We're actually using Azure Key Vault-backed secret scopes now, but we rely on service principals to access the keyvault through secret scope. Secret scopes are problematic, e.g. because they can't be created in a fully automated way, and access control must be managed in Databricks Secret ACLs instead of using Key Vault access control (like Azure RBAC). Service principals come with a maintenance burden for IT who needs to rotate credentials at regular intervals.

We're looking for ways to avoid having to manage service principals, and use Managed Identities instead.