@varundeepsaini
Contributor

Changes

Add secrets and secret_scopes as bundle resources

resources:
  secret_scopes:
    my_scope:
      name: my-secret-scope
      permissions:
        - user_name: [email protected]
          level: READ

  secrets:
    api_key:
      scope: my-secret-scope
      key: api-key
      string_value: ${var.api_key_value}

Why

Closes #3689

Users need to manage secrets alongside their jobs/pipelines in bundles rather than creating them manually.

Tests

  • Unit tests for resource definitions and Terraform converters
  • Acceptance tests for both Terraform and direct deployment modes
  • Integration tests for deploy/update/destroy workflows
  • Manual verification against the actual Databricks workspace

@github-actions

An authorized user can trigger integration tests manually by following the instructions below:

Trigger:
go/deco-tests-run/cli

Inputs:

  • PR number: 4034
  • Commit SHA: ef49ed716752ed92d88ac110103cb823a68d4a2e

Checks will be approved automatically on success.

@varundeepsaini
Contributor Author

Hey @andrewnester, can you please review this PR?

}

// Read back the secret to get remote state
return r.DoRead(ctx, id)
Contributor

should just return nil there, the framework will call DoRead() if it's needed. Same for DoCreate().

@@ -0,0 +1,111 @@
package dresources
Contributor

PR in progress for secret scopes: #3886

Contributor Author

Oh, didn't realise it is being worked on, better that I don't work on this feature.

Do you guys have anything else that I can pick up that you are not actively working on?

@johalnes

johalnes commented Jan 5, 2026

@varundeepsaini and @denik - Was this closed too soon? Ref #3689 - I would really love to be able to put a secret within a secret scope, as mentioned in the description of this PR. Can't see that #3886 solves this.

@shreyas-goenka
Contributor

@johalnes Can you please consider creating a new issue for adding support for secrets. We are unlikely to add it anytime soon because secret values are sensitive and need to be modelled appropriately. But a trackable issue can help us gauge interest and then appropriately prioritize this.

@johalnes

johalnes commented Jan 5, 2026

> @johalnes Can you please consider creating a new issue for adding support for secrets. We are unlikely to add it anytime soon because secret values are sensitive and need to be modelled appropriately. But a trackable issue can help us gauge interest and then appropriately prioritize this.

@shreyas-goenka Isn't the issue I mentioned above enough? That is #3689?

Development

Successfully merging this pull request may close these issues.

Add "Secrets" to DAB Resources
