subcategory
Security

databricks_secret_acl Resource

Create or overwrite the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Please consult the Secrets User Guide for more details.

Example Usage

In this example, the data-scientists group is granted READ on the scope, so data scientists can read the Publishing API key that is synchronized from, for example, Azure Key Vault.

resource "databricks_group" "ds" {
  display_name = "data-scientists"
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

resource "databricks_secret_acl" "my_secret_acl" {
  principal  = databricks_group.ds.display_name
  permission = "READ"
  scope      = databricks_secret_scope.app.name
}

resource "databricks_secret" "publishing_api" {
  key = "publishing_api"
  // replace it with a secret management solution of your choice :-)
  string_value = data.azurerm_key_vault_secret.example.value
  scope        = databricks_secret_scope.app.name
}

Argument Reference

The following arguments are required:

  • scope - (Required) name of the scope
  • principal - (Required) principal's identifier. It can be:
  • permission - (Required) READ, WRITE or MANAGE.
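
The following is an added example, not part of the provider documentation: a stand-alone configuration that manages every grant on one scope from a single map, rejects permission values other than the three listed above, and outputs the principals that hold more than READ. The variable name, the output name and the data-engineers and platform-admins groups are assumptions, and the groups are assumed to already exist in the workspace.

```hcl
# Hypothetical input: principal name => permission level for one scope.
variable "app_scope_acls" {
  type = map(string)
  default = {
    "data-scientists" = "READ"   # consumers only read secrets
    "data-engineers"  = "WRITE"  # constructed group name
    "platform-admins" = "MANAGE" # constructed group name
  }

  # Fail at plan time on a typo instead of at apply time.
  validation {
    condition = alltrue([
      for p in values(var.app_scope_acls) : contains(["READ", "WRITE", "MANAGE"], p)
    ])
    error_message = "Each permission must be READ, WRITE or MANAGE."
  }
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

# One ACL per principal; deleting a map entry destroys that grant on apply.
resource "databricks_secret_acl" "app" {
  for_each = var.app_scope_acls

  scope      = databricks_secret_scope.app.name
  principal  = each.key
  permission = each.value
}

# Review aid: principals holding more than READ on the scope.
output "app_scope_elevated_principals" {
  value = sort([for p, perm in var.app_scope_acls : p if perm != "READ"])
}
```

Keeping the grants in one map makes a change of permission level show up as a single-line diff in code review.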

Import

A secret ACL can be imported using the scopeName|||principalName combination.

$ terraform import databricks_secret_acl.object "scopeName|||principalName"

Related Resources

The following resources are often used in the same context: