subcategory
Security

databricks_secret_acl Resource

Create or overwrite the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Please consult the Secrets User Guide for more details.

Example Usage

This way, data scientists can read the Publishing API key that is synchronized from, for example, Azure Key Vault.

resource "databricks_group" "ds" {
  display_name = "data-scientists"
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

resource "databricks_secret_acl" "my_secret_acl" {
  principal  = databricks_group.ds.display_name
  permission = "READ"
  scope      = databricks_secret_scope.app.name
}

resource "databricks_secret" "publishing_api" {
  key = "publishing_api"
  // replace it with secret management solution of your choice :-)
  string_value = data.azurerm_key_vault_secret.example.value
  scope        = databricks_secret_scope.app.name
}

Argument Reference

The following arguments are required:

  • scope - (Required) name of the scope
  • principal - (Required) name of the principal. It can be users for all users, or the name or display_name of a databricks_group
  • permission - (Required) READ, WRITE or MANAGE.
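
The three arguments above can be driven from a single map so that every grant on a scope is reviewed in one place. The following is an added example, not part of the provider's own documentation: the variable name `secret_acls`, the group names, and the rule that `users` may only receive READ are assumptions of this example, and the listed groups are assumed to exist already.

```hcl
# Added example: all names below are illustrative, not provider defaults.
variable "secret_acls" {
  description = "Map of principal (user, group display_name, or \"users\") to permission on the scope."
  type        = map(string)
  default = {
    "data-scientists" = "READ"
    "data-engineers"  = "WRITE"
    "platform-admins" = "MANAGE"
  }

  # Reject anything other than the three documented permission values at plan time.
  validation {
    condition = alltrue([
      for perm in values(var.secret_acls) : contains(["READ", "WRITE", "MANAGE"], perm)
    ])
    error_message = "Each permission must be READ, WRITE or MANAGE."
  }

  # Policy assumed by this example: the all-users principal never gets more than READ.
  validation {
    condition = alltrue([
      for principal, perm in var.secret_acls : principal != "users" || perm == "READ"
    ])
    error_message = "The \"users\" principal may only be granted READ."
  }
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

# One ACL per map entry; removing an entry from the map removes the grant.
# An existing grant would be imported per instance with the ID format from
# the Import section, e.g. ID "app-secret-scope|||data-scientists" for
# address databricks_secret_acl.this["data-scientists"].
resource "databricks_secret_acl" "this" {
  for_each = var.secret_acls

  scope      = databricks_secret_scope.app.name
  principal  = each.key
  permission = each.value
}
```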

Import

The resource secret acl can be imported using scopeName|||principalName combination. This may change in future versions.

$ terraform import databricks_secret_acl.object 'scopeName|||principalName'

Related Resources

The following resources are often used in the same context: