Unable to read secrets from azure key vault in databricks

Sangram Mohanty 51 Reputation points
2023-11-16T19:03:00.75+00:00

Hi All,

I want to read secrets from Azure Key Vault in Databricks using the dbutils.secrets.get() function. However, this is not working because of RBAC roles and permissions. I don't understand why, though I am the owner of both the Databricks and Key Vault resources, I am still not able to access one from the other.


Until now I have assigned the Key Vault Administrator role to myself and to the service principal in Key Vault. It is still not working.

Can you please help me?


1 answer

  1. Akshay-MSFT 17,886 Reputation points Microsoft Employee
    2023-11-17T10:23:40.6366667+00:00

    @Sangram Mohanty

    Thank you for posting your queries on Microsoft. From the above description I understand that you have the Owner RBAC role on both Key Vault and Databricks, but you still end up getting the following error when trying to list the secrets in Key Vault.

    Wrapped Message: Status code 403, {"error" : {"code": "Forbidden" , "message" : "Caller is not authorized to perform action on resource.
    
    
    

    Please do correct me if this is not the case by responding in the comments section.

    As per secret scopes (Configure your Azure key vault instance for Azure Databricks), the Azure role-based access control permission model is not currently supported with Azure Databricks.

    Solution:

    You must add the identity in the access policy blade,

    then you set the required permissions for the secret scope,

    later select the corresponding service principal of your Databricks,

    and then you create the policy.

    Please do let me know if you have any further queries on this.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes) and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

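An added example, not part of the original answer or of Microsoft's documentation: a check over the JSON printed by `az keyvault show` that reports why a Key Vault-backed secret scope would receive the 403 quoted above. The object ID, both sample documents and the assumption that the scope needs the Get and List secret permissions are constructed for illustration.

```python
import json

# Assumption: a Key Vault-backed secret scope needs Get and List on secrets.
REQUIRED = {"get", "list"}
# Constructed placeholder for the Databricks service principal's object ID.
SP_OBJECT_ID = "00000000-0000-0000-0000-0000000000db"

def diagnose(vault_json: str, sp_object_id: str) -> list[str]:
    """Return the reasons a secret read by this principal would be refused."""
    props = json.loads(vault_json)["properties"]
    findings = []
    # With the RBAC model enabled, access policies on the vault are not used.
    if props.get("enableRbacAuthorization"):
        findings.append("vault uses the Azure RBAC permission model; "
                        "switch it to vault access policy")
    policies = [p for p in props.get("accessPolicies") or []
                if p.get("objectId", "").lower() == sp_object_id.lower()]
    if not policies:
        findings.append("no access policy for the Databricks service principal")
        return findings
    granted = {s.lower() for p in policies
               for s in (p.get("permissions", {}).get("secrets") or [])}
    missing = set() if "all" in granted else REQUIRED - granted
    if missing:
        findings.append("access policy lacks secret permissions: "
                        + ", ".join(sorted(missing)))
    return findings

def sample(rbac: bool, secret_perms) -> str:
    """Build a constructed vault document shaped like `az keyvault show` output."""
    policies = [] if secret_perms is None else [
        {"objectId": SP_OBJECT_ID, "permissions": {"secrets": secret_perms}}]
    return json.dumps({"name": "example-vault", "properties": {
        "enableRbacAuthorization": rbac, "accessPolicies": policies}})

# Constructed samples: the situation in the question, a partial fix, the fix.
BEFORE = sample(True, None)
PARTIAL = sample(False, ["Get"])
AFTER = sample(False, ["Get", "List"])

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("partial", PARTIAL), ("after", AFTER)):
        print(label, diagnose(doc, SP_OBJECT_ID) or "ok")
```
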
