【Azure Key Vault】在Azure Databricks上获取Azure Key Vault中所存储的机密(secret)...

11 months ago

source link: https://www.cnblogs.com/lulight/p/17752994.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

【Azure Key Vault】在Azure Databricks上获取Azure Key Vault中所存储的机密(secret)的两种方式

在Azure Databricks上获取Azure Key Vault中所存储的机密(secret)的两种方式？

方式一：在Databricks的Notebook 中，直接编写Python代码读取Key Vault的Secret

实例代码如下：

import os
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

KVUri = f"https://<your key vault name>.vault.azure.cn/"

credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)

retrieved_secret = client.get_secret("<your secret name>")

print(f"Your secret is '{retrieved_secret.value}'.")

在执行中，会先后遇见

azure.keyvault.secrets 和 azure.identity module没有安装
当前环境使用的Application ID 没有权限访问key vault的问题。

> 没有安装Module的解决办法可以直接使用 %pip install <module name> 解决

%pip install azure.keyvault.secrets

%pip install azure.identity

dbutils.library.restartPython()

执行效果截图：

> Application ID没有权限访问的问题可以通过Key Vault的Access Policy页面，为Application ID赋予读取权限来解决

解决以上两个问题后，再次执行Python Code，可以成功获取到Key Vault中的机密信息。

方式二：为Databricks定义Key Vault backend-secret scope，然后使用Databricks的工具包获取secret

当Azure Databricks和Azure Key Vault资源都创建成功后。

首先在Databricks的页面中添加 key Vault backed-secret scope，使用如下的URL打开Create Secret Scope

URL : https://<Azure Databricks Service URL>.databricks.azure.cn/#secrets/createScope

在保存中如果遇见权限问题，可以在Key Vault的 Access Policy中为 AzureDatabricks 添加权限（GET, SET等权限）

设置完成后，回到Databricks的Notebook页面，使用如下语句进行验证：

ENCODED_AUTH_KEY = dbutils.secrets.get(scope = "scope name in databricks", key = "the secret name in key value")
print(f"this result is:'{ENCODED_AUTH_KEY}'")

执行效果截图：

参考资料：

Databricks Secrets scopes: https://learn.microsoft.com/zh-cn/azure/databricks/security/secrets/secret-scopes

Databricks Secrets: https://learn.microsoft.com/zh-cn/azure/databricks/security/secrets/secrets

Databricks Escrets redaction: https://learn.microsoft.com/zh-cn/azure/databricks/security/secrets/redaction

【END】

Recommend

www.tuicool.com 5 years ago
Cache

Investigating Azure Databricks

At SQL Saturday #884 – Pensacola, I dropped into Rodney Ladrum’s session on Azure Databricks (ADB) and the Traditional DBA . I had heard a bit abou...

docs.microsoft.com 3 years ago
Cache

Authentication using Azure Databricks personal access tokens

Authentication using Azure Databricks personal access tokens 24/11/2020 2 minutes to read In this article To authenticate to and access Databricks REST...

ankitbko.github.io 3 years ago
Cache

Building large scale data ingestion solutions for Azure SQL using Azure databric...

Building large scale data ingestion solutions for Azure SQL using Azure databricks - Part 2Find out how bulk insert performs with different indexing strategy in Azure SQL Database. Sep 3, 2020 •...

ankitbko.github.io 3 years ago
Cache

Building large scale data ingestion solutions for Azure SQL using Azure databric...

Building large scale data ingestion solutions for Azure SQL using Azure databricks - Part 1Discover how to bulk insert million of rows into Azure SQL Hyperscale using Databricks Sep 1, 2020 •...