Docs Home
Databricks v1.70.0 published on Friday, May 9, 2025 by Pulumi
databricks.ServicePrincipalSecret
Explore with Pulumi AI
With this resource you can create a secret for a given Service Principals.
This resource can only be used with an account-level provider!
This secret can be used to configure the Databricks Pulumi Provider to authenticate with the service principal. See Authenticating with service principal.
Additionally, the secret can be used to request OAuth tokens for the service principal, which can be used to authenticate to Databricks REST APIs. See Authentication using OAuth tokens for service principals.
Example Usage
Create service principal secret
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const terraformSp = new databricks.ServicePrincipalSecret("terraform_sp", {servicePrincipalId: _this.id});
import pulumi
import pulumi_databricks as databricks
terraform_sp = databricks.ServicePrincipalSecret("terraform_sp", service_principal_id=this["id"])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewServicePrincipalSecret(ctx, "terraform_sp", &databricks.ServicePrincipalSecretArgs{
ServicePrincipalId: pulumi.Any(this.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var terraformSp = new Databricks.ServicePrincipalSecret("terraform_sp", new()
{
ServicePrincipalId = @this.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.ServicePrincipalSecret;
import com.pulumi.databricks.ServicePrincipalSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var terraformSp = new ServicePrincipalSecret("terraformSp", ServicePrincipalSecretArgs.builder()
.servicePrincipalId(this_.id())
.build());
}
}
resources:
terraformSp:
type: databricks:ServicePrincipalSecret
name: terraform_sp
properties:
servicePrincipalId: ${this.id}
Related Resources
The following resources are often used in the same context:
- databricks.ServicePrincipal to manage Service Principals in Databricks
Create ServicePrincipalSecret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServicePrincipalSecret(name: string, args: ServicePrincipalSecretArgs, opts?: CustomResourceOptions);@overload
def ServicePrincipalSecret(resource_name: str,
args: ServicePrincipalSecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServicePrincipalSecret(resource_name: str,
opts: Optional[ResourceOptions] = None,
service_principal_id: Optional[str] = None,
create_time: Optional[str] = None,
expire_time: Optional[str] = None,
lifetime: Optional[str] = None,
secret: Optional[str] = None,
secret_hash: Optional[str] = None,
status: Optional[str] = None,
update_time: Optional[str] = None)func NewServicePrincipalSecret(ctx *Context, name string, args ServicePrincipalSecretArgs, opts ...ResourceOption) (*ServicePrincipalSecret, error)public ServicePrincipalSecret(string name, ServicePrincipalSecretArgs args, CustomResourceOptions? opts = null)
public ServicePrincipalSecret(String name, ServicePrincipalSecretArgs args)
public ServicePrincipalSecret(String name, ServicePrincipalSecretArgs args, CustomResourceOptions options)
type: databricks:ServicePrincipalSecret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServicePrincipalSecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServicePrincipalSecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServicePrincipalSecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServicePrincipalSecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServicePrincipalSecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var servicePrincipalSecretResource = new Databricks.ServicePrincipalSecret("servicePrincipalSecretResource", new()
{
ServicePrincipalId = "string",
CreateTime = "string",
ExpireTime = "string",
Lifetime = "string",
Secret = "string",
SecretHash = "string",
Status = "string",
UpdateTime = "string",
});
example, err := databricks.NewServicePrincipalSecret(ctx, "servicePrincipalSecretResource", &databricks.ServicePrincipalSecretArgs{
ServicePrincipalId: pulumi.String("string"),
CreateTime: pulumi.String("string"),
ExpireTime: pulumi.String("string"),
Lifetime: pulumi.String("string"),
Secret: pulumi.String("string"),
SecretHash: pulumi.String("string"),
Status: pulumi.String("string"),
UpdateTime: pulumi.String("string"),
})
var servicePrincipalSecretResource = new ServicePrincipalSecret("servicePrincipalSecretResource", ServicePrincipalSecretArgs.builder()
.servicePrincipalId("string")
.createTime("string")
.expireTime("string")
.lifetime("string")
.secret("string")
.secretHash("string")
.status("string")
.updateTime("string")
.build());
service_principal_secret_resource = databricks.ServicePrincipalSecret("servicePrincipalSecretResource",
service_principal_id="string",
create_time="string",
expire_time="string",
lifetime="string",
secret="string",
secret_hash="string",
status="string",
update_time="string")
const servicePrincipalSecretResource = new databricks.ServicePrincipalSecret("servicePrincipalSecretResource", {
servicePrincipalId: "string",
createTime: "string",
expireTime: "string",
lifetime: "string",
secret: "string",
secretHash: "string",
status: "string",
updateTime: "string",
});
type: databricks:ServicePrincipalSecret
properties:
createTime: string
expireTime: string
lifetime: string
secret: string
secretHash: string
servicePrincipalId: string
status: string
updateTime: string
ServicePrincipalSecret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServicePrincipalSecret resource accepts the following input properties:
- Service
Principal stringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- Create
Time string - UTC time when the secret was created.
- Expire
Time string - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- Lifetime string
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - Secret string
- Generated secret for the service principal.
- Secret
Hash string - Secret Hash.
- Status string
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - Update
Time string - UTC time when the secret was updated.
- Service
Principal stringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- Create
Time string - UTC time when the secret was created.
- Expire
Time string - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- Lifetime string
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - Secret string
- Generated secret for the service principal.
- Secret
Hash string - Secret Hash.
- Status string
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - Update
Time string - UTC time when the secret was updated.
- service
Principal StringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- create
Time String - UTC time when the secret was created.
- expire
Time String - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime String
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret String
- Generated secret for the service principal.
- secret
Hash String - Secret Hash.
- status String
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update
Time String - UTC time when the secret was updated.
- service
Principal stringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- create
Time string - UTC time when the secret was created.
- expire
Time string - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime string
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret string
- Generated secret for the service principal.
- secret
Hash string - Secret Hash.
- status string
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update
Time string - UTC time when the secret was updated.
- service_
principal_ strid - SCIM ID of the databricks.ServicePrincipal (not application ID).
- create_
time str - UTC time when the secret was created.
- expire_
time str - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime str
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret str
- Generated secret for the service principal.
- secret_
hash str - Secret Hash.
- status str
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update_
time str - UTC time when the secret was updated.
- service
Principal StringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- create
Time String - UTC time when the secret was created.
- expire
Time String - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime String
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret String
- Generated secret for the service principal.
- secret
Hash String - Secret Hash.
- status String
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update
Time String - UTC time when the secret was updated.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServicePrincipalSecret resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ServicePrincipalSecret Resource
Get an existing ServicePrincipalSecret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServicePrincipalSecretState, opts?: CustomResourceOptions): ServicePrincipalSecret@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[str] = None,
expire_time: Optional[str] = None,
lifetime: Optional[str] = None,
secret: Optional[str] = None,
secret_hash: Optional[str] = None,
service_principal_id: Optional[str] = None,
status: Optional[str] = None,
update_time: Optional[str] = None) -> ServicePrincipalSecretfunc GetServicePrincipalSecret(ctx *Context, name string, id IDInput, state *ServicePrincipalSecretState, opts ...ResourceOption) (*ServicePrincipalSecret, error)public static ServicePrincipalSecret Get(string name, Input<string> id, ServicePrincipalSecretState? state, CustomResourceOptions? opts = null)public static ServicePrincipalSecret get(String name, Output<String> id, ServicePrincipalSecretState state, CustomResourceOptions options)resources: _: type: databricks:ServicePrincipalSecret get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time string - UTC time when the secret was created.
- Expire
Time string - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- Lifetime string
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - Secret string
- Generated secret for the service principal.
- Secret
Hash string - Secret Hash.
- Service
Principal stringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- Status string
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - Update
Time string - UTC time when the secret was updated.
- Create
Time string - UTC time when the secret was created.
- Expire
Time string - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- Lifetime string
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - Secret string
- Generated secret for the service principal.
- Secret
Hash string - Secret Hash.
- Service
Principal stringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- Status string
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - Update
Time string - UTC time when the secret was updated.
- create
Time String - UTC time when the secret was created.
- expire
Time String - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime String
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret String
- Generated secret for the service principal.
- secret
Hash String - Secret Hash.
- service
Principal StringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- status String
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update
Time String - UTC time when the secret was updated.
- create
Time string - UTC time when the secret was created.
- expire
Time string - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime string
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret string
- Generated secret for the service principal.
- secret
Hash string - Secret Hash.
- service
Principal stringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- status string
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update
Time string - UTC time when the secret was updated.
- create_
time str - UTC time when the secret was created.
- expire_
time str - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime str
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret str
- Generated secret for the service principal.
- secret_
hash str - Secret Hash.
- service_
principal_ strid - SCIM ID of the databricks.ServicePrincipal (not application ID).
- status str
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update_
time str - UTC time when the secret was updated.
- create
Time String - UTC time when the secret was created.
- expire
Time String - UTC time when the secret will expire. If the field is not present, the secret does not expire.
- lifetime String
- The lifetime of the secret in seconds formatted as
NNNNs. If this parameter is not provided, the secret will have a default lifetime of 730 days (63072000s). Expiration of secret will lead to generation of new secret. - secret String
- Generated secret for the service principal.
- secret
Hash String - Secret Hash.
- service
Principal StringId - SCIM ID of the databricks.ServicePrincipal (not application ID).
- status String
- Status of the secret (i.e.,
ACTIVE- see REST API docs for full list). - update
Time String - UTC time when the secret was updated.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.