auth command group
Note
This information applies to Databricks CLI versions 0.205 and above, which are in Public Preview. To find your version of the Databricks CLI, run databricks -v.
The auth command group within the Databricks CLI enables you to:
List any available authentication configuration profiles.
Get information about an individual authentication configuration profile.
Get information about any OAuth access tokens that the Databricks CLI might have cached.
Get details about the configuration that the Databricks CLI is using to authenticate.
Important
To install the Databricks CLI, see Install or update the Databricks CLI. To configure authentication for the Databricks CLI, see Authentication for the Databricks CLI.
You run auth commands by appending them to databricks auth. To display help for the auth command, run databricks auth -h.
List configuration profiles
To get a list of all of your available configuration profiles and to check whether they are valid, run the auth profiles command, as follows:
databricks auth profiles
Output (the ellipses represent omitted content, for brevity):
Name Host Valid
DEFAULT https://<host-url> YES
<profile-name> https://<host-url> NO
To determine whether each profile is valid, the Databricks CLI runs a list workspaces command for each account-level profile and runs a get current user command for each workspace-level profile. If the command succeeds, a YES is displayed; otherwise, a NO displays.
The output of the auth profiles command does not display any access tokens. To display an access token, see Get information about a configuration profile.
Configuration profiles are stored in the file ~/.databrickscfg on Linux or macOS, or %USERPROFILE%\.databrickscfg on Windows by default. You can change the default path of this file by setting the environment variable DATABRICKS_CONFIG_FILE. To learn how to set environment variables, see your operating system's documentation.
To create configuration profiles, see the configure command group.
Get information about a configuration profile
To get information about an existing configuration profile, run the auth env command, where <profile-name> represents the name of the profile, and <account-or-workspace-url> represents the Azure Databricks account console URL or the Azure Databricks workspace URL, as follows:
databricks auth env --profile <profile-name>
# Or:
databricks auth env --host <account-or-workspace-url>
Tip
You can press Tab after --profile or -p to display a list of existing available configuration profiles to choose from, instead of entering the configuration profile name manually.
For example, here is the output for a profile that is configured with Azure Databricks access token authentication:
{
"env": {
"DATABRICKS_AUTH_TYPE": "pat",
"DATABRICKS_CONFIG_PROFILE": "<profile-name>",
"DATABRICKS_HOST": "<workspace-url>",
"DATABRICKS_TOKEN": "<token-value>"
}
}
Note
If more than one profile matches the --host value, an error displays, stating that it cannot find a single matching profile. For example, you might have one profile that has only a host value and another profile that has the same host value but also a token value. In this case, the Databricks CLI does not choose a profile and stops. To help the Databricks CLI choose the desired profile, try specifying a different --host value. For --host values that are account console URLs, try specifying an --account-id value instead of a --host value.
To create a configuration profile, see the configure command group.
Get authentication details
To get details about the configuration that the Databricks CLI is using to authenticate, run the auth describe command.
If no options are specified, the auth describe command follows the Default methods for client unified authentication.
databricks auth describe
Output:
Host: https://<workspace-instance-name>
User: <user-name>@<domain>
Authenticated with: <authentication-type>
-----
Current configuration:
✓ host: https://<workspace-instance-name> (from <path>/<to>/.databrickscfg config file)
✓ profile: default
✓ auth_type: <authentication-type> (from <path>/<to>/.databrickscfg config file)
To specify that information about a specific Azure Databricks workspace is used, specify the --host option along with the workspace's URL.
databricks auth describe --host https://<workspace-instance-name>
Output:
Host: https://<workspace-instance-name>
User: <user-name>@<domain>
Authenticated with: <authentication-type>
-----
Current configuration:
✓ host: https://<workspace-instance-name> (from --host flag)
✓ profile: default
✓ auth_type: <authentication-type>
To specify that information about a specific Azure Databricks account is used, specify the --host option along with the Azure Databricks account console URL, https://accounts.databricks.azure.cn.
databricks auth describe --host <account-console-url>
Output:
Host: <account-console-url>
User: <user-name>@<domain>
AccountId: <account-id>
Authenticated with: <authentication-type>
-----
Current configuration:
✓ host: <account-console-url> (from --host flag)
✓ account_id: <account-id>
✓ profile: default
✓ auth_type: <authentication-type>
To specify that information about a specific Azure Databricks configuration profile is used, specify the -p or --profile option along with the profile's name.
databricks auth describe -p <profile-name>
Output:
Host: https://<workspace-instance-name>
User: <user-name>@<domain>
Authenticated with: <authentication-type>
-----
Current configuration:
✓ host: https://<workspace-instance-name> (from <path>/<to>/.databrickscfg config file)
✓ token: ******** (from <path>/<to>/.databrickscfg config file)
✓ profile: <profile-name> (from --profile flag)
✓ auth_type: <authentication-type>
To include sensitive information in the output (such as Azure Databricks personal access tokens and client secrets), specify the --sensitive option.
databricks auth describe --sensitive
Output:
Host: https://<workspace-instance-name>
User: <user-name>@<domain>
Authenticated with: pat
-----
Current configuration:
✓ host: https://<workspace-instance-name> (from <path>/<to>/.databrickscfg config file)
✓ token: <token-value> (from <path>/<to>/.databrickscfg config file)
✓ profile: <profile-name>
✓ auth_type: pat