What is a Secret Scope?

  • A Secret Scope lets you manage, in one place, the credentials and other sensitive information used for API authentication or other connections in a workspace.
  • The name of a Secret Scope should be non-sensitive and easily readable to the users of the workspace.

What is a Secret?

  • Inside a Secret Scope, Secrets are stored as key-value pairs that hold sensitive information such as an access key, access ID, reference key, etc.


Create a Secret

  • Suppose we want to create a secret named “database_password” in a scope named “database”.

    Prerequisite

  • Install the Databricks CLI

  • Set up a CLI profile with a personal access token

    Step One: Create a Secret Scope

    databricks secrets create-scope --scope database

  • We can add the --initial-manage-principal <principal> argument to set the initial principal that manages the scope.

  • It is recommended to specify a profile by adding --profile <profile-name>.

    Step Two: Create a Secret in a Scope

    databricks secrets put --scope database --key database_password

  • After running this command, a vim editor opens so that we can enter the value of the secret.

  • Enter the value, then save and close the editor. The secret is then set.

List secrets

    databricks secrets list --scope database

Get the secrets

  • In a Databricks notebook, use dbutils to get a configured secret:

```python
secret = dbutils.secrets.get(scope="database", key="database_password")

# the value of the secret won't show
print(secret)  # output: [REDACTED]
```

Permission Levels of Secret Scopes

There are three levels of permissions that you can assign while creating each Secret Scope. They are:

  • Manage: This permission is used to manage everything about the Secret Scope and its ACLs (Access Control Lists). By using ACLs, users can configure fine-grained permissions for different people and groups to access different Scopes and Secrets.
  • Write: This allows you to read, write, and manage the keys of the particular Secret Scope.
  • Read: This allows you to read the secret scope and list all the secrets available inside it.
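
One way to review a scope's ACLs against a least-privilege policy built on the three levels above. This is an added example, not code from the original page: the principals, the POLICY mapping, the audit_scope_acls function and the sample listing are constructed for illustration, and the JSON shape (items with principal and permission fields) is an assumption about how the scope's ACL listing was exported.

```python
import json

# Rank of each permission level on this page; a higher level includes the lower ones.
RANK = {"READ": 1, "WRITE": 2, "MANAGE": 3}

# Constructed sample input: ACL entries for the "database" scope.
# Assumed export shape: {"items": [{"principal": ..., "permission": ...}]}
SAMPLE_ACLS = json.loads("""
{"items": [
  {"principal": "data-platform-admins", "permission": "MANAGE"},
  {"principal": "etl-service",          "permission": "WRITE"},
  {"principal": "analysts",             "permission": "WRITE"},
  {"principal": "users",                "permission": "MANAGE"},
  {"principal": "intern@example.com",   "permission": "READ"}
]}
""")

# Hypothetical least-privilege policy: the highest level each principal may hold.
# Principals missing from the policy should hold no permission on the scope.
POLICY = {
    "data-platform-admins": "MANAGE",
    "etl-service": "WRITE",
    "analysts": "READ",
}

def audit_scope_acls(acls, policy):
    """Return (principal, granted, allowed) for every ACL entry exceeding the policy."""
    findings = []
    for entry in acls.get("items", []):
        principal = entry["principal"]
        granted = entry["permission"].upper()
        if granted not in RANK:
            raise ValueError(f"unknown permission level: {granted!r}")
        allowed = policy.get(principal)  # None means "no access expected"
        if allowed is None or RANK[granted] > RANK[allowed]:
            findings.append((principal, granted, allowed or "NONE"))
    # Report the broadest grants first, then by principal name.
    return sorted(findings, key=lambda f: (-RANK[f[1]], f[0]))

if __name__ == "__main__":
    for principal, granted, allowed in audit_scope_acls(SAMPLE_ACLS, POLICY):
        print(f"{principal}: has {granted}, policy allows {allowed}")
```

A grant of Manage to a broad group such as users is the finding to look at first, since Manage also covers changing the scope's ACLs.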