Databricks Authentication Token

Bridgecrew Policy ID: BC_GIT_33
Chekov Check ID: CKV_SECRET_33
Severity: LOW

Databricks Authentication Token


To authenticate to and access Databricks REST APIs, you can use Databricks personal access tokens or passwords. Databricks strongly recommends that you use tokens. Tokens replace passwords in an authentication flow and should be protected like passwords. To protect tokens, Databricks recommends that you store tokens in:

  • Secret management and retrieve tokens in notebooks using the Secrets utility (dbutils.secrets).
  • A local key store and use the Python keyring package to retrieve tokens at runtime.

Fix - Buildtime


  1. Find the token ID. See Get tokens for the workspace.
  2. Call the delete a token API (DELETE /token-management/tokens). Pass the token ID in the path.