
function access without giving access of secret in databricks - Stack Overflow


I've created a function in Databricks to anonymize PII data using a secret. I want to grant other users access to execute this function, but I absolutely must not give them direct access to the secret itself.

I've tested granting USAGE on the function, but it appears users can't execute it without also having permission to access the secret. This makes sense, as the function itself needs to retrieve the secret.

Is there a secure way to allow users to call the function without exposing the secret to them? I'm looking for the best practice approach. Any suggestions would be greatly appreciated!


asked Feb 14 at 21:33 by NRLV
  • Can you provide your code example? Also, what are you trying to achieve? I mean why use a secret? What hashing algorithm are you using? And why not something like md5 or SHA? And how are the users accessing this? Have you thought of doing some hard coded masking or do downstream need to see unique values depending on the original value? You can refer to a simple encryption function like shown here immuta/guides/partner-blueprints/… and see if it helps. – Anupam Chand Commented Feb 16 at 10:12
  • Are you trying to mask on read? Are you using Unity Catalog? It has built-in support for column masking. – Andrew Commented Feb 17 at 16:30

1 Answer

Score: -2

One way is to set up the function to use a secure credential passthrough mechanism to retrieve the secret at runtime. This way, the function itself does not store or expose the secret directly, but rather retrieves it securely when needed.
