How can we find existing secret scopes in databricks workspace. And which keyvault is referred by specific SecretScope in Azure Databricks?

4

Best Answer


This command lists available scopes on databricks:

dbutils.secrets.listScopes()

If you want a quick idea of which keyvault a secret scope refers to, and the number of vaults is relatively small, you have list access through the Azure portal, and the keys differ between the vaults, you can try the following:

First list the scopes using:

dbutils.secrets.listScopes() (Thanks to Matkurek)

And then list the secret names within specific scopes using:

dbutils.secrets.list("SCOPE_NAME")

This might help you pin down which vault the scope points to.

It seems that the only alternative is the CLI option described by Alex Ott.

You can do this with either:

  • Databricks Secrets REST API - the list secret scopes API will give that information
  • Databricks CLI - the databricks secrets list-scopes command will show your KeyVault URL

You can try this snippet here in Python:

import pandas
import json
import requests

# COMMAND ----------

# MAGIC %md ### define variables

# COMMAND ----------

pat = 'EnterPATHere' # paste PAT. Get it from settings > user settings
workspaceURL = 'EnterWorkspaceURLHere' # paste the workspace url in the format of 'https://adb-1234567.89.azuredatabricks.net' Note, the URL must not end with '/'

# COMMAND ----------

# MAGIC %md ### list secret scopes

# COMMAND ----------

response = requests.get(workspaceURL + '/api/2.0/secrets/scopes/list',
                        headers = {'Authorization' : 'Bearer '+ pat,
                                   'Content-Type': 'application/json'})
pandas.json_normalize(json.loads(response.content), record_path = 'scopes')

I happen to have written a blog post about this, where a full Python script is provided to manage secret scopes in Azure Databricks.
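
An added example (not code from any of the answers above) that takes the list secret scopes response mentioned in the answers and maps each scope to the Key Vault behind it, reading the host and token from environment variables instead of pasting a PAT into the notebook. The sample response is constructed; the function names and the use of the DATABRICKS_HOST and DATABRICKS_TOKEN environment variables are assumptions of this example.

```python
import json
import os
import urllib.request

# Constructed sample of a /api/2.0/secrets/scopes/list response (not real data).
SAMPLE_RESPONSE = json.loads("""
{"scopes": [
  {"name": "kv-prod", "backend_type": "AZURE_KEYVAULT",
   "keyvault_metadata": {
     "resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.KeyVault/vaults/example-prod-kv",
     "dns_name": "https://example-prod-kv.vault.azure.net/"}},
  {"name": "team-local", "backend_type": "DATABRICKS"}
]}
""")


def fetch_scopes(host=None, token=None):
    """Call the list secret scopes API; host and token default to env vars (assumed names)."""
    host = (host or os.environ["DATABRICKS_HOST"]).rstrip("/")
    token = token or os.environ["DATABRICKS_TOKEN"]
    req = urllib.request.Request(
        host + "/api/2.0/secrets/scopes/list",
        headers={"Authorization": "Bearer " + token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def map_scopes_to_vaults(payload):
    """Return {scope name: vault info dict, or None for Databricks-backed scopes}."""
    result = {}
    for scope in payload.get("scopes", []):  # an empty workspace returns no "scopes" key
        meta = scope.get("keyvault_metadata")
        if scope.get("backend_type") == "AZURE_KEYVAULT" and meta:
            resource_id = meta.get("resource_id", "")
            result[scope["name"]] = {
                "dns_name": meta.get("dns_name"),
                "resource_id": resource_id,
                # The vault name is the last segment of the ARM resource ID.
                "vault_name": resource_id.rstrip("/").rsplit("/", 1)[-1] or None,
            }
        else:
            result[scope["name"]] = None
    return result


if __name__ == "__main__":
    for name, vault in map_scopes_to_vaults(SAMPLE_RESPONSE).items():
        print(name, "->", vault["dns_name"] if vault else "Databricks-backed (no Key Vault)")
```

Against a real workspace, pass the result of fetch_scopes() to map_scopes_to_vaults() instead of SAMPLE_RESPONSE.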