 Hello, welcome to SSUnitec, so we will decide and this is a continuation of the Azure Databricks tutorial. So in this video we are going to see about the secret utility. So what is the secret utility and why it's very important we will be going to see in this video. So let's get started. We are going to demonstrate about the secret utility and methodology. Let me quickly go inside the browser and I will show you why it's important. If you are following my videos then in the mount point video remember we are using this code. So under this code we are passing the account key and whatever the value that we are having inside the account key we are directly passing here. But this is not the secure way because anyone can easily go on your notebook and hack this key and it will be going to have the security issues. So instead of passing directly this key value here we will be going to store this key value in some another place and we will be going to specify some name of that key and here we will be using that name. So this is the main use of the secret utility inside the Databricks. So let me quickly go and see how it will be working. So inside the secret methodology if we are going to store few of the secrets inside the Azure Key Vault or the Databricks. So it will be going to store and similarly we are having secret scope 2 and 3. So like we are having these three secret scopes here and it is going to connect with the DB. So earlier we don't have any intermediate layer by which we can make our credentials secure. We are directly connecting with the DB by specifying the credentials. Instead of going directly we will be storing secret values inside these secret scopes. So here we are having two methods by which we can implement the secret utilities. So first one is the Azure Key Vault. So inside the Azure Key Vault we will be storing the value and the key pair. So whenever it is required to make the connections we can directly use the key.
Secret utility inside a Databricks workspace, it is limited to maximum 100 secret scopes. So we cannot create more than 100 secret scopes. So this is the limitation of creating the secret scope inside the workspace. There are two ways by which we can create the secret scopes. The first one is the Azure Key Vault-backed scope and second is the Databricks-backed scope. So what are these two and what are the differences? So first, as it names, like Azure Key Vault-backed scope. So it means the secret will be going to store inside the Azure Key Vault only and it will not be going to have directly available inside the Databricks. So we should be going to use the key that is available inside the Azure Key Vault and all the required access we can specify inside the Azure Key Vault only. So in this video we are going to see how we can create the Azure Key Vault where we will be placing the secret and after that how we can make the mount point. So for creating the secret scope there is no direct UI or label as of now inside the Databricks by which we can create the scope but we are having something which is the secrets/createScope. So this is the exact same thing that you need to use for creating a scope. So you have to specify your URL and after your URL you need to add this so it will open a new window and on that window we can create the scope. So that we will see in this video, don't worry for now, and one more thing, like as I told you we can add the access policies inside the Azure Key Vault for accessing the Azure Databricks. So we are having three permission levels: first is the manage, second is the write and third is the read. So inside the manage it allows to change the ACL, which is the access control list. So if you are going to provide the manage access then they can be able to change your ACL and it will also have the read and write scope access.
Next is the write access so it will be having the read and write access and in case of the read it will only allow to read the secret scope. Those are our levels. So let me quickly go inside the browser and we will try to implement this in practical. I am here in this secret notebook so what I want to do, I want to create this mount point. So let me try to copy this and go back to here. So before going to create the mount point let me quickly check how many mount points are available. So let me copy this and we can use the mounts. So we have already seen this command in the earlier videos. So that's why I am not going to explain what it is doing. So here we can simply check how many available mount points are there. So as we can see we are having this input, this registry, this result, so all these mount points are there. So we need to create one mount point that will be pointing to output location. So as we can see we don't have any mount point for the output location. So let me quickly delete this. Now here as we can see instead of providing this we have to use the secret. So before going to create the secret let me quickly go inside the Azure Key Vault. So here if it's not available on your list then you can search for the key vault. So key vault will be going to login and it will be going to open like this. So I want to create a new key vault or we can use the existing one. So I am going to use the existing one that I have created. So we can search for ssu something like this. So as we can see we are having this ssu database key vault. So I am going to open this one and inside that we will be creating the secret. So if we can scroll little bit downside we can see these objects and under that we can see the secrets. So inside the secret we can see option to generate or import. So as we can see it is already having one of the key vault secrets but I am going to create a new one here. Here we can see the upload option. It is certificate or manual.
So I am going to go with the manual and here it will be going to point for key vault secret or output. So I am going to use the kvs out. Here we need to specify the secret value. So how we can get the secret value, remember we can go inside the storage account and on the storage account if we can scroll in the downside we can see the access key. So inside the access key we can copy this access key here and we can go and this is your secret. So we can paste it here. Next we can see this content type is optional. We can leave this. Here we can set the activation date and expiry date. So I am going to activate this right now whatever the time and after that the expiry date I am not going to specify anything. Here we can see the enabled. So it will be going to enabled or not enabled. So I am going to set this as yes. Inside the tags I am not going to add any tag. Now we can simply go and try to create this secret. So it will be going to create soon. We have to wait. So as we can see this is created. We can simply use this key value and whatever the actual secret is available under this that will be available. Now we can go on the Databricks home side and now we need to create the secret. So for creating the secret, remember we have discussed we have to use the secrets/createScope. So simply we can go on this home and after that we can use the secrets/createScope. Here the S is the capital letter so you have to use the same. We can click on enter and this page is open for creating the scope. Here we can see the scope name. So we can specify the scope name like the secret scope and this is for the output. So we can use the ss out. Now here the Manage Principal, so inside the Manage Principal either we can go with the Creator or the All Users. So I am going to go with the All Users. Here we need to specify the DNS name and after that the resource ID. So how we can get it, we can go inside the key vault.
So under that key vault if we can scroll down and go inside the properties then we can see the vault URI. So this is we can copy and this is the DNS name. So we can paste that value here and after that we can see the resource ID. We can simply see the next one is the resource ID, we can copy it and we can use here. So this is what we have done. Next we need to click on this create. So once we are clicking on this create so it will be creating, as we can see this is added. Now click on OK. So we have successfully created the secret scope and the key vault. Now here we need to click a new cell and let me try to see what are the available commands under the secret. So we can use the dbutils.secrets.help(). We can execute and it will be going to showing all the available commands. So as we can see the get, list scopes; inside the list scopes how many available secrets. So let me quickly use the list scopes first. So it will be going to showing up like three secret. So first is the ss input that I had created earlier, test input I had created earlier, ss out that we have created right now. Now let me see the next command. So we can again use the help. We will see this get command. So get command is very important because inside the get command we can specify the scope and after that the key. Let me try to use the get command and then it is asking for the scope. So here we can supply the scope. So scope, remember we are having ss out. So this is mainly your secret name. So that is the scope and after that we can see the key. So key will be your key vault name. So if we can go here and inside the key vault we can go inside the secrets and under that we will be seeing kvs out. So this will be your key value. So we can simply use that key value here and this should be under the single quotes. Let me try to execute and we will see what will be the output of this. So it is redacted.
It means it is not going to display actual value here but we can utilize this whenever we are making the connections. Let me try to copy this and here go at the top side. Let me put this in a variable. That variable is x. Instead of supplying this value directly here we can use the x variable. Let me go and try to execute. So it should be executed and you will be seeing mount point will be created with the MNT output, as we can see, yes. So it means your mount point is created. So let me quickly check if that is created or not. So we can use the query for the mounts and execute it. So we should be seeing here is the mount name that should be MNT input. Let me use the display command so it will be showing up properly in the tabular format so that will be easier to find out. Now here we should be seeing this output that we have created right now. So instead of using this variable you can also use this directly instead of this x so it will also be working but I would prefer to use a variable and after that using the variable over here. So this is the way that I am using but you can use directly as well. So this is the way that companies are following very often because Key Vault will be storing and that Key Vault can be used in multiple places. If you want to make the connection with the data factory then we can simply use that Key Vault and this single Key Vault will be working in the multiple places. So that's why organizations are following this structure only for creating the Key Vault for the secret and utilizing that into multiple places. Thank you so much for watching this video. If you like this video please subscribe to our channel to get many more videos. See you in the next video.
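
Added example, not code from the video: a small audit that tells the hard-coded account-key mount described at the start apart from the secret-scope version built at the end, by parsing notebook cell source. The storage account, container, the hyphenated scope and key names and the placeholder key value are constructed assumptions; `audit_cell` is a hypothetical helper name.

```python
import ast

# Constructed notebook cells; account, container, scope and key names are placeholders.
HARDCODED_CELL = '''
dbutils.fs.mount(
    source="wasbs://output@examplestorage.blob.core.windows.net",
    mount_point="/mnt/output",
    extra_configs={"fs.azure.account.key.examplestorage.blob.core.windows.net":
                   "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY=="})
'''
SECRET_CELL = '''
x = dbutils.secrets.get(scope="ss-out", key="kvs-out")
dbutils.fs.mount(
    source="wasbs://output@examplestorage.blob.core.windows.net",
    mount_point="/mnt/output",
    extra_configs={"fs.azure.account.key.examplestorage.blob.core.windows.net": x})
'''
KEY_PREFIX = "fs.azure.account.key."

def _is_secret_get(node):
    """True if node is a call to dbutils.secrets.get(...)."""
    return isinstance(node, ast.Call) and ast.unparse(node.func) == "dbutils.secrets.get"

def audit_cell(source):
    """Return (config_key, verdict) for every account-key config found in a cell."""
    tree = ast.parse(source)
    # Map simple `name = <expr>` assignments so a variable such as x can be resolved.
    assigned = {t.id: n.value for n in ast.walk(tree) if isinstance(n, ast.Assign)
                for t in n.targets if isinstance(t, ast.Name)}
    findings = []
    for n in ast.walk(tree):
        if not isinstance(n, ast.Dict):
            continue
        for k, v in zip(n.keys, n.values):
            if not (isinstance(k, ast.Constant) and str(k.value).startswith(KEY_PREFIX)):
                continue
            if isinstance(v, ast.Name):
                v = assigned.get(v.id, v)
            if _is_secret_get(v):
                verdict = "secret-scope"   # value comes from a secret scope
            elif isinstance(v, ast.Constant):
                verdict = "hardcoded"      # literal key sits in the notebook
            else:
                verdict = "unresolved"     # needs a manual look
            findings.append((k.value, verdict))
    return findings
```

Run `audit_cell` over each exported notebook cell; any `hardcoded` verdict marks a storage key that should be moved into a secret scope and rotated.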