databricks_secret_acl Resource

Creates or overwrites the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Consult the Secrets User Guide for more details.

Example Usage

The following configuration lets data scientists read the Publishing API key that is synchronized from, for example, Azure Key Vault.

resource "databricks_group" "ds" {
  display_name = "data-scientists"
}

resource "databricks_secret_scope" "app" {
  name = "app-secret-scope"
}

resource "databricks_secret_acl" "my_secret_acl" {
  principal  = databricks_group.ds.display_name
  permission = "READ"
  scope      = databricks_secret_scope.app.name
}

resource "databricks_secret" "publishing_api" {
  key = "publishing_api"
  // Replace this with a secret management solution of your choice.
  // Note: the secret value is also written to the Terraform state file.
  string_value = data.azurerm_key_vault_secret.example.value
  scope        = databricks_secret_scope.app.name
}
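
The same pattern extended to several principals, as an added example that is not part of the provider documentation: a map variable drives one ACL per principal, and validation rejects unknown permission levels and anything above READ for the built-in `users` group (all workspace users). The variable name, scope name and group names are assumptions made for illustration.

```hcl
# Added example; variable, scope and group names are hypothetical.
variable "scope_acl" {
  description = "Principal (group display name or user name) => permission on the scope."
  type        = map(string)
  default = {
    "data-scientists" = "READ"
    "data-engineers"  = "WRITE"
  }

  validation {
    # Fail at plan time on a typo instead of at apply time.
    condition = alltrue([
      for perm in values(var.scope_acl) : contains(["READ", "WRITE", "MANAGE"], perm)
    ])
    error_message = "Each permission must be READ, WRITE or MANAGE."
  }

  validation {
    # "users" is the built-in group that contains every workspace user.
    # "NONE" is only the lookup default for "no entry", not a permission level.
    condition     = contains(["READ", "NONE"], lookup(var.scope_acl, "users", "NONE"))
    error_message = "The all-users group may be granted READ at most."
  }
}

resource "databricks_secret_scope" "pipeline" {
  name = "pipeline-secret-scope"
}

# One ACL per map entry. Because the resource overwrites an existing ACL for
# the same scope and principal, keep every grant for a scope in this one map.
resource "databricks_secret_acl" "pipeline" {
  for_each   = var.scope_acl
  scope      = databricks_secret_scope.pipeline.name
  principal  = each.key
  permission = each.value
}
```

With for_each, each ACL instance is addressed by its map key, for example databricks_secret_acl.pipeline["data-scientists"].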

Argument Reference

The following arguments are required:

Import

The secret ACL resource can be imported using the scopeName|||principalName combination. Quote the ID so that the shell does not interpret the | characters:

terraform import databricks_secret_acl.object "scopeName|||principalName"

The following resources are often used in the same context: