subcategory |
---|
Security |
Create or overwrite the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Please consult Secrets User Guide for more details.
This way, data scientists can read the Publishing API key that is synchronized from, for example, Azure Key Vault.
```hcl
resource "databricks_group" "ds" {
  display_name = "data-scientists"
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

resource "databricks_secret_acl" "my_secret_acl" {
  principal  = databricks_group.ds.display_name
  permission = "READ"
  scope      = databricks_secret_scope.app.name
}

resource "databricks_secret" "publishing_api" {
  key = "publishing_api"
  // replace it with a secret management solution of your choice :-)
  string_value = data.azurerm_key_vault_secret.example.value
  scope        = databricks_secret_scope.app.name
}
```
The following arguments are required:

- `scope` - (Required) name of the scope
- `principal` - (Required) principal's identifier. It can be:
  - `user_name` attribute of databricks_user.
  - `display_name` attribute of databricks_group. Use `users` to allow access for all workspace users.
  - `application_id` attribute of databricks_service_principal.
- `permission` - (Required) `READ`, `WRITE` or `MANAGE`.
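The three principal forms listed above, each given a different permission on one scope. This is an added example, not taken from the provider documentation; the scope name, user e-mail, group name and service principal name are illustrative assumptions.

```hcl
# Added example: every resource name and value below is an assumption.
resource "databricks_secret_scope" "pipeline" {
  name = "pipeline-secret-scope"
}

resource "databricks_user" "scope_admin" {
  user_name = "scope.admin@example.com"
}

resource "databricks_group" "analysts" {
  display_name = "analysts"
}

resource "databricks_service_principal" "etl" {
  display_name = "etl-job"
}

locals {
  # Static map keys keep for_each plannable even though the service
  # principal's application_id may only be known after apply.
  secret_acls = {
    admin = {
      principal  = databricks_user.scope_admin.user_name # user_name of databricks_user
      permission = "MANAGE"
    }
    analysts = {
      principal  = databricks_group.analysts.display_name # display_name of databricks_group
      permission = "READ"
    }
    etl = {
      principal  = databricks_service_principal.etl.application_id # application_id of databricks_service_principal
      permission = "WRITE"
    }
  }
}

# One ACL per principal. Granting to the built-in "users" group instead
# would give the permission to every workspace user, so prefer a named
# group such as "analysts" when only part of the workspace needs access.
resource "databricks_secret_acl" "pipeline" {
  for_each   = local.secret_acls
  scope      = databricks_secret_scope.pipeline.name
  principal  = each.value.principal
  permission = each.value.permission
}
```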
The resource secret acl can be imported using the `scopeName|||principalName` combination. Quote the ID so the shell does not interpret the `|` characters:

```bash
$ terraform import databricks_secret_acl.object 'scopeName|||principalName'
```
The following resources are often used in the same context:
- End to end workspace management guide.
- databricks_notebook to manage Databricks Notebooks.
- databricks_permissions to manage access control in Databricks workspace.
- databricks_repo to manage Databricks Repos.
- databricks_secret to manage secrets in Databricks workspace.
- databricks_secret_scope to create secret scopes in Databricks workspace.