secret_acl.md

subcategory
Security

databricks_secret_acl Resource

Create or overwrite the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Please consult Secrets User Guide for more details.

Example Usage

This way, data scientists can read the Publishing API key that is synchronized from, for example, Azure Key Vault.

resource "databricks_group" "ds" {
  display_name = "data-scientists"
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

resource "databricks_secret_acl" "my_secret_acl" {
  principal  = databricks_group.ds.display_name
  permission = "READ"
  scope      = databricks_secret_scope.app.name
}

resource "databricks_secret" "publishing_api" {
  key = "publishing_api"
  // replace it with a secret management solution of your choice :-)
  string_value = data.azurerm_key_vault_secret.example.value
  scope        = databricks_secret_scope.app.name
}

Argument Reference

The following arguments are required:

• scope - (Required) name of the scope
• principal - (Required) principal's identifier. It can be:
  • user_name attribute of databricks_user.
  • display_name attribute of databricks_group. Use users to allow access for all workspace users.
  • application_id attribute of databricks_service_principal.
• permission - (Required) READ, WRITE or MANAGE.

Import

The resource secret acl can be imported using scopeName|||principalName combination.

terraform import databricks_secret_acl.object `scopeName|||principalName`

Related Resources

The following resources are often used in the same context:

• End to end workspace management guide.
• databricks_notebook to manage Databricks Notebooks.
• databricks_permissions to manage access control in Databricks workspace.
• databricks_repo to manage Databricks Repos.
• databricks_secret to manage secrets in Databricks workspace.
• databricks_secret_scope to create secret scopes in Databricks workspace.