- An existing Azure Databricks Workspace
- Administrator Access to your Databricks Workspace
- An existing Databricks Service Principal with a corresponding Azure AD App Registration, identified by the matching Client ID and UUID. See here for more information on how to set this up.
- A client Secret of the App Registration of the Service Principal
Configure the parameters according to your environment.
$tenantId = "00000000-0000-0000-0000-000000000000" # Change me
$clientId = "00000000-0000-0000-0000-000000000000" # Change me
$clientSecret = "yPp8tXXXXXXtaBj" # Change me
$databrickWorkspaceUrl = "https://adb-0000000000000000.0.azuredatabricks.net" # Change me
$databricksTokenLifetime = 120 # Change me
$databricksTokenComment = "Just a token to test the pat creation via API" # Change me
Before you can create a Databricks Personal Access Token, check that the Databricks Service Principal is eligible to create one. In your Databricks Workspace, navigate to Admin Settings -> Workspace Settings -> Access control -> Personal Access Tokens. Check whether this is enabled, and check the permissions to confirm that your service principal is eligible to use Personal Access Tokens.
Now request an Azure AD access token for your AAD App Registration, a.k.a. the AAD Service Principal. This token will then be used to create the Databricks Personal Access Token.
$aadToken = Invoke-RestMethod -Uri https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token -Method Post -Headers @{ "Content-Type" = "application/x-www-form-urlencoded" } -Body @{
client_id=$clientId;
client_secret=$clientSecret;
grant_type="client_credentials";
scope='2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default'; # Application ID of the Azure Databricks resource
}
You can now use your AAD token to create a Databricks Personal Access Token for the Databricks Service Principal.
Remove the lifetime_seconds parameter below to create a token that never expires.
$dbxToken = Invoke-RestMethod -Uri "$databrickWorkspaceUrl/api/2.0/token/create" -Method Post -Headers @{ "Authorization" = "Bearer $($aadToken.access_token)" } -Body (ConvertTo-Json @{
lifetime_seconds = $databricksTokenLifetime; # Remove this line to never expire the token
comment = $databricksTokenComment;
})
$expirationDateTime = [System.DateTimeOffset]::FromUnixTimeMilliseconds($dbxToken.token_info.expiry_time).DateTime
Write-Host "Databricks token: $($dbxToken.token_value)"
Write-Host "Expires on: $expirationDateTime"
Done ✅
Invoke-RestMethod -Uri "$databrickWorkspaceUrl/api/2.0/token/list" -Method Get -Headers @{ "Authorization" = "Bearer $($aadToken.access_token)" }
$tokenId = "0000000000000000000000000000000000000000000000000000000000000000"
Invoke-RestMethod -Uri "$databrickWorkspaceUrl/api/2.0/token/delete" -Method Post -Headers @{ "Authorization" = "Bearer $($aadToken.access_token)" } -Body (ConvertTo-Json @{
token_id = $tokenId;
})
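The list and delete calls above can be combined into a token audit. The following is an added example, not code from the original page: it flags tokens in a token/list response that never expire (the API reports `expiry_time` as -1 for those) or whose lifetime exceeds a limit. The function name `Get-RiskyDatabricksToken`, the 90-day limit and the sample response are assumptions made for illustration.

```powershell
# Added example: flag PATs from token/list that never expire or outlive a policy limit.
function Get-RiskyDatabricksToken {
    param(
        [Parameter(Mandatory)] [object[]] $TokenInfos,  # token_infos array from token/list
        [int] $MaxLifetimeDays = 90                     # assumed policy limit, adjust to yours
    )
    foreach ($t in $TokenInfos) {
        $expires = $null
        if ($t.expiry_time -eq -1) {
            # Token was created without lifetime_seconds
            $finding = 'never expires'
        } else {
            # Both timestamps are epoch milliseconds; 86400000 ms = 1 day
            $lifetimeDays = ($t.expiry_time - $t.creation_time) / 86400000
            if ($lifetimeDays -le $MaxLifetimeDays) { continue }  # within policy, skip
            $finding = 'lifetime {0:N0} days exceeds {1}' -f $lifetimeDays, $MaxLifetimeDays
            $expires = [System.DateTimeOffset]::FromUnixTimeMilliseconds($t.expiry_time).UtcDateTime
        }
        [pscustomobject]@{
            TokenId = $t.token_id
            Comment = $t.comment
            Created = [System.DateTimeOffset]::FromUnixTimeMilliseconds($t.creation_time).UtcDateTime
            Expires = $expires
            Finding = $finding
        }
    }
}

# Constructed sample shaped like a token/list response (not real tokens).
$sample = @'
{ "token_infos": [
  { "token_id": "aaaa1111", "creation_time": 1700000000000, "expiry_time": 1700000120000, "comment": "short-lived test" },
  { "token_id": "bbbb2222", "creation_time": 1700000000000, "expiry_time": -1, "comment": "created without lifetime_seconds" },
  { "token_id": "cccc3333", "creation_time": 1700000000000, "expiry_time": 1731536000000, "comment": "one year" }
] }
'@ | ConvertFrom-Json

# Only the non-expiring token and the one-year token are reported.
Get-RiskyDatabricksToken -TokenInfos $sample.token_infos | Format-Table -AutoSize

# Against a live workspace, feed in the token/list call from this page instead:
#   $list = Invoke-RestMethod -Uri "$databrickWorkspaceUrl/api/2.0/token/list" -Method Get `
#             -Headers @{ "Authorization" = "Bearer $($aadToken.access_token)" }
#   Get-RiskyDatabricksToken -TokenInfos $list.token_infos
```

A flagged `TokenId` can be passed as `token_id` to the token/delete call shown above to revoke that token.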