【Azure Key Vault】在Azure Databricks上获取Azure Key Vault中所存储的机密(secret)...
source link: https://www.cnblogs.com/lulight/p/17752994.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
【Azure Key Vault】在Azure Databricks上获取Azure Key Vault中所存储的机密(secret)的两种方式
在Azure Databricks上获取Azure Key Vault中所存储的机密(secret)的两种方式?
方式一: 在Databricks的Notebook 中,直接编写Python代码读取Key Vault的Secret
实例代码如下:
import os from azure.keyvault.secrets import SecretClient from azure.identity import DefaultAzureCredential KVUri = f"https://<your key vault name>.vault.azure.cn/" credential = DefaultAzureCredential() client = SecretClient(vault_url=KVUri, credential=credential) retrieved_secret = client.get_secret("<your secret name>") print(f"Your secret is '{retrieved_secret.value}'.")
在执行中,会先后遇见
- azure.keyvault.secrets 和 azure.identity module没有安装
- 当前环境使用的Application ID 没有权限访问key vault的问题。
> 没有安装Module的解决办法可以直接使用 %pip install <module name> 解决
%pip install azure.keyvault.secrets %pip install azure.identity dbutils.library.restartPython()
执行效果截图:
> Application ID没有权限访问的问题可以通过Key Vault的Access Policy页面,为Application ID赋予读取权限来解决
解决以上两个问题后,再次执行Python Code,可以成功获取到Key Vault中的机密信息。
方式二:为Databricks定义Key Vault backend-secret scope,然后使用Databricks的工具包获取secret
当Azure Databricks和Azure Key Vault资源都创建成功后。
首先在Databricks的页面中添加 key Vault backed-secret scope,使用如下的URL打开Create Secret Scope
URL : https://<Azure Databricks Service URL>.databricks.azure.cn/#secrets/createScope
在保存中如果遇见权限问题,可以在Key Vault的 Access Policy中为 AzureDatabricks 添加权限(GET, SET等权限)
设置完成后,回到Databricks的Notebook页面,使用如下语句进行验证:
ENCODED_AUTH_KEY = dbutils.secrets.get(scope = "scope name in databricks", key = "the secret name in key value") print(f"this result is:'{ENCODED_AUTH_KEY}'")
执行效果截图:
参考资料:
Databricks Secrets scopes: https://learn.microsoft.com/zh-cn/azure/databricks/security/secrets/secret-scopes
Databricks Secrets: https://learn.microsoft.com/zh-cn/azure/databricks/security/secrets/secrets
Databricks Escrets redaction: https://learn.microsoft.com/zh-cn/azure/databricks/security/secrets/redaction
【END】
Recommend
-
35
At SQL Saturday #884 – Pensacola, I dropped into Rodney Ladrum’s session on Azure Databricks (ADB) and the Traditional DBA . I had heard a bit abou...
-
29
Authentication using Azure Databricks personal access tokens 24/11/2020 2 minutes to read In this article To authenticate to and access Databricks REST...
-
6
Building large scale data ingestion solutions for Azure SQL using Azure databricks - Part 2Find out how bulk insert performs with different indexing strategy in Azure SQL Database. Sep 3, 2020 •...
-
13
Building large scale data ingestion solutions for Azure SQL using Azure databricks - Part 1Discover how to bulk insert million of rows into Azure SQL Hyperscale using Databricks Sep 1, 2020 •...
-
5
如何防止企业的数据和机密从GitHub存储库泄露 责任编辑:cres 作者:Andrada Fiscutean | 2021-10-15 09:55:41 原创文章 企业网D1Net 研究表明,网络攻击者不断在GitHub等公共代码存储库中搜索开发...
-
5
风之优雅z ...
-
7
MBDA疑似被入侵,攻击者声称获取机密-51CTO.COM MBDA疑似被入侵,攻击者声称获取机密 作者:Euclid 2022-08-02 08:22:48 代号为Adrastea的攻击组织自称是一组独立的网络安全专家和研...
-
1
cex2dex 中所需要的合约 犀牛的博客 姑苏城外一茅屋...
-
3
软文发布在互联网营销中所占据的优势 新闻发布 发布日期:2022-1...
-
5
u-blox观点分享:GNSS技术在自动驾驶领域中所发挥的重要作用-品玩 业界动态 u-blox观点分享:GNSS技术在自动驾驶领域中所发挥的重要作用...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK