I want to create a Key Vault-backed secret scope in Databricks USING THE CLI.
databricks secrets create-scope "keyvault_nonHR_QUA" --scope-backend-type AZURE_KEYVAULT
gives me Error: Scope with Azure KeyVault must have AzureKeyVaultSecretScopeMetadata defined!
while:
databricks secrets create-scope "myscope" --scope-backend-type AZURE_KEYVAULT --resource-id "<azure-keyvault-resource-id>" --dns-name "<azure-keyvault-dns-name>" --initial-manage-principal users
gives Error: unknown flag: --resource-id
The doc seems to refer to the legacy CLI https://learn.microsoft.com/en-us/azure/databricks/security/secrets/secret-scopes#--create-an-azure-key-vault-backed-secret-scope-using-the-databricks-cli
Any help welcome.
I faced this same issue using Databricks CLI v0.204.0. The only way I found to remedy this was to use the --json flag.
For example...
databricks secrets create-scope --json "{\"scope\": \"kduenke-testing\", \"scope_backend_type\": \"AZURE_KEYVAULT\", \"backend_azure_keyvault\": { \"resource_id\": \"/subscriptions/<--SUBSCRIPTION_GUID-->/resourceGroups/<--RESOURCE_GROUP_NAME-->/providers/Microsoft.KeyVault/vaults/<--KEY_VAULT_NAME-->\", \"dns_name\": \"https://<--KEY_VAULT_NAME-->.vault.azure.net/\" } }"
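As an added example (not part of the original answer), the same `--json` payload can be assembled from validated parts rather than hand-escaped quotes, so a malformed subscription ID or vault name is rejected before the CLI is called. The function names are hypothetical, the name checks are this example's own simplified rules, and the vault DNS suffix is the one shown in the answer.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical;
# the JSON field names and the --json flag are the ones used in the answer above.

# True when $1 is a single line that fully matches the extended regex $2.
matches() {
  [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] && printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

# Print the create-scope payload, or return 1 if any part fails validation.
# Validation keeps quotes and backslashes out, so no JSON escaping is needed.
build_scope_payload() {
  scope=$1; sub=$2; rg=$3; vault=$4
  matches "$scope" '[A-Za-z0-9_.@-]{1,128}' ||
    { echo "bad scope name" >&2; return 1; }
  matches "$sub" '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}' ||
    { echo "bad subscription GUID" >&2; return 1; }
  matches "$rg" '[A-Za-z0-9_().-]{1,90}' ||
    { echo "bad resource group name" >&2; return 1; }
  # Assumed Key Vault naming rule: 3-24 chars, letters/digits/hyphens,
  # starting with a letter and ending with a letter or digit.
  matches "$vault" '[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]' ||
    { echo "bad vault name" >&2; return 1; }
  printf '{"scope":"%s","scope_backend_type":"AZURE_KEYVAULT","backend_azure_keyvault":{"resource_id":"/subscriptions/%s/resourceGroups/%s/providers/Microsoft.KeyVault/vaults/%s","dns_name":"https://%s.vault.azure.net/"}}\n' \
    "$scope" "$sub" "$rg" "$vault" "$vault"
}

# Create the scope only if the payload validated.
create_kv_scope() {
  payload=$(build_scope_payload "$@") || return 1
  databricks secrets create-scope --json "$payload"
}

# Usage (constructed values):
# create_kv_scope my-scope 00000000-0000-0000-0000-000000000000 my-rg my-vault
```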