List databricks secret scope and find referred keyvault in azure databricks

Question

How can we find existing secret scopes in databricks workspace. And which keyvault is referred by specific SecretScope in Azure Databricks?

Answer 1

This command lists available scopes on databricks:

dbutils.secrets.listScopes()

Answer 2

If you want a quick idea of which keyvault a secret scope refers to, the number of vaults is relatively small, you have list access through Azure portal and the keys between the vaults differ, you can try the following:

First list the scopes using:

dbutils.secrets.listScopes() (Thanks to Matkurek)

And then list the secret names within specific scopes using:

dbutils.secrets.list("SCOPE_NAME")

This might help you pin down which vault the scope points to.

It seams that the only alternative is the CLI option described by Alex Ott

Answer 3

You can do this with either:

• Databricks Secrets REST API - the list secret scopes API will give that information
• Databricks CLI - the databricks secrets list-scopes command will show your KeyVault URL

Answer 4

You can try this snippet here in Python:

import pandas
import json
import requests

# COMMAND ----------

# MAGIC %md ### define variables

# COMMAND ----------

pat           = 'EnterPATHere'           # paste PAT. Get it from settings > user settings
workspaceURL  = 'EnterWorkspaceURLHere'  # paste the workspace url in the format of 'https://adb-1234567.89.azuredatabricks.net' Note, the URL must not end with '/'

# COMMAND ----------

# MAGIC %md ### list secret scopes

# COMMAND ----------

response = requests.get(workspaceURL + '/api/2.0/secrets/scopes/list',\
            headers = {'Authorization' :      'Bearer '+ pat,\
            'Content-Type': 'application/json'})

pandas.json_normalize(json.loads(response.content), record_path = 'scopes')

I have happened to have written a blog post about this where a full Python script is provided to manage secret scopes in Azure Databricks.