1006-30--FPGA digital signal processing and engineering application practice, a very good book
File: n459.com/f/25127180-479733527-fc7a37 (Access password: 551685)
The following are irrelevant:
-------------------------------------------Dividing line----- ----------------------------------------
Sometimes, accessing data requires you to authenticate to an external data source through JDBC. You can use Azure Databricks Secret to store credentials and reference them in notebooks and jobs instead of entering credentials directly in the notebook.
To configure a Secret, there are three steps:
Create a secret scope. The scope name is case sensitive.
Add secret to secret scope, secret name is case sensitive.
Grant permissions to secret scope.
1. Introduction to
Secret Scope Secret Scope is a collection of Secrets, and each Secret is uniquely determined by name. Each Databricks workspace can create up to 100 Secret Scopes. Azure supports two types of Secret Scope: Azure Key Vault-backed and Databricks-backed.
1. Secret Scope based on Azure Key Vault
To reference the Secret stored in Azure Key Vault, you can create a Secret Scope based on Azure Key Vault. The Secret Scope based on Azure Key Vault is read-only for Key Vault. This article focuses on Secret Scope based on Azure Key Vault.
2. Secret Scope based on Databricks
Databricks-based Secret Scope is stored in an encrypted database owned and managed by Azure Databricks. The name of Secret Scope must be unique in the workspace, must contain alphanumeric characters, dashes, underscores, and periods, and must not exceed 128 characters. The name is considered insensitive and can be read by all users in the workspace.
Second, create a Secret Scope based on Azure Key Vault
Use Azure Portal UI to create an Azure Key Vault-backed secret scope. First, before creating this type of Secret Scope, make sure that you have Contributor permissions on the Azure Key Vault instance.
Open the webpage "https://#secrets/createScope". This URL is case sensitive. Pay attention to the "createScope" in the URL. The first letter of "Scope" must be capitalized.
Main configuration options:
Scope Name: Specify the name of the Secret Scope, which is case sensitive.
Manage Principal: Used to define the Manage Principal of the Secret Scope (security principal with management permissions). The option All Users means that all users have the MANAGE permission, and the option Creator means that only the creator of the Secret Scope has the MANAGE permission. The MANAGE permission has read and write permissions to Secret Scope. The recommended option is Creator, which only authorizes MANAGE permission to Creator. However, the user's account must have an Azure Databricks Premium Plan in order to choose Creator.
DNS Name: Vault URI, which can be viewed from the Properties panel of Key Vault.
Resource ID: The Resource ID can be viewed from the properties panel of Azure Key Valut.
3. Personal access tokens
If you want to access Databricks REST API, you can use Databricks personal access tokens to verify permissions.
Click the user profile icon in the upper right corner of the Databricks workspace
Click "User Settings" to enter the "User Settings" page, click "Generage New Token" on this page to generate a new Token.
Note: To save the Token and enter the page again, the Token is no longer visible.
Four: Configure Databricks CLI
Use Databricks CLI (command-line interface) command to verify whether the Secret Scope is created successfully.
Step1: Install Databricks CLI
pip install databricks-cli to
check whether the Databricks CLI is installed successfully, you can run Databricks CLI -h to get the help document:
databricks -h
Step2: Configure verification information
Enter Databricks Host, and enter the personal access token generated
databricks configure --token
Step3: View the Secret Scope list
databricks secrets list-scopes