Need some help with databricks_secret_scope backed by KeyVault deployment.
Here is my code:
provider "databricks" {
  host                        = azurerm_databricks_workspace.databricks_workspace.workspace_url
  azure_workspace_resource_id = azurerm_databricks_workspace.databricks_workspace.id
}

resource "databricks_secret_scope" "dbatabricks_kv1" {
  name                     = "tf_scope1"
  initial_manage_principal = "users"

  keyvault_metadata {
    resource_id = module.kv.id
    dns_name    = module.kv.uri
  }
}

resource "databricks_secret_acl" "databricks_acl" {
  principal  = "users"
  permission = "MANAGE"
  scope      = databricks_secret_scope.dbatabricks_kv1.name
}
But during deployment I got the following error:
│ Error: cannot read secret scope: invalid character '<' looking for beginning of value
│
│ with databricks_secret_scope.dbatabricks_kv1,
│ on databricks.tf line 41, in resource "databricks_secret_scope" "dbatabricks_kv1":
│ 41: resource "databricks_secret_scope" "dbatabricks_kv1" {
What did I miss in this config?
My service principal is of course added to the KeyVault access policy to do everything with secrets. Pretty much the same as all other users who are in Databricks - added to KeyVault's ACL.