Table: databricks_workspace_secret - Query Databricks Workspace Secrets using SQL
A Databricks Workspace Secret is a resource in Databricks that allows you to store and manage sensitive data such as passwords, OAuth tokens, and SSH keys. Secrets are stored in a workspace and are available to all notebooks in that workspace. The use of secrets eliminates the need to hard code sensitive data, enhancing security and simplifying the management of sensitive data.
Table Usage Guide
The databricks_workspace_secret
table provides insights into the secrets stored within a Databricks Workspace. As a security analyst, explore secret-specific details through this table, including secret metadata and values. Utilize it to uncover information about sensitive data, such as secret values and metadata, aiding in the management and security of sensitive data.
Examples
Basic info
Explore the latest updates to secret keys within your Databricks workspace for account management purposes. This can help maintain the security and integrity of your workspace by identifying any recent changes.
select scope_name, key, last_updated_timestamp, account_idfrom databricks_workspace_secret;
select scope_name, key, last_updated_timestamp, account_idfrom databricks_workspace_secret;
List all secrets updated in the past 7 days
Explore which confidential data elements were modified in the last week. This query can be used to maintain security and ensure that changes to sensitive information are monitored regularly.
select scope_name, key, last_updated_timestamp, account_idfrom databricks_workspace_secretwhere last_updated_timestamp > now() - interval '7' day;
select scope_name, key, last_updated_timestamp, account_idfrom databricks_workspace_secretwhere last_updated_timestamp > datetime('now', '-7 day');
List total secrets per scope
Assess the elements within your Databricks workspace by identifying the total number of secrets each scope holds. This allows for better management and understanding of your workspace's security configuration.
select scope_name, count(*) as total_secretsfrom databricks_workspace_secretgroup by scope_name;
select scope_name, count(*) as total_secretsfrom databricks_workspace_secretgroup by scope_name;
Get all secrets for a specific scope
Explore the secrets within a specific scope in your Databricks workspace. This is useful for auditing or reviewing the last updated timestamp and associated account details within a given scope.
select scope_name, key, last_updated_timestamp, account_idfrom databricks_workspace_secretwhere scope_name = 'my_scope';
select scope_name, key, last_updated_timestamp, account_idfrom databricks_workspace_secretwhere scope_name = 'my_scope';
Schema for databricks_workspace_secret
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Databricks Account ID in which the resource is located. |
key | text | A unique name to identify the secret. | |
last_updated_timestamp | timestamp with time zone | The last updated timestamp (in milliseconds) for the secret. | |
scope_name | text | = | The name of the secret scope. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | The title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- databricks
You can pass the configuration to the command with the --config
argument:
steampipe_export_databricks --config '<your_config>' databricks_workspace_secret