Authentication for working with online stores

This article describes how to configure authentication for publishing feature tables to online stores and looking up features from online stores.

Authentication for publishing feature tables to online stores

To publish feature tables to an online store, you must provide write authentication.

Databricks recommends that you store credentials in Databricks secrets, and then refer to them using a write_secret_prefix when publishing. Follow the instructions in Use Databricks secrets

Authentication for looking up features from online stores with served MLflow models

To enable Databricks-hosted MLflow models to connect to online stores and look up feature values, you must provide read authentication.

Databricks recommends that you store credentials in Databricks secrets, and then refer to them using a read_secret_prefix when publishing. Follow the instructions in Use Databricks secrets

Provide read credentials using Databricks secrets

Follow the instructions in Use Databricks secrets.

Use Databricks secrets for read and write authentication.

This section shows the steps to follow to set up authentication with Databricks secrets. For code examples illustrating how to use these secrets, see Publish features to an online store.

  1. Create two secret scopes that contain credentials for the online store: one for read-only access (shown here as <read-scope>) and one for read-write access (shown here as <write-scope>). Alternatively, you can reuse existing secret scopes.

  2. Pick a unique name for the target online store, shown here as <prefix>.

    For Cosmos DB (works with any version of Feature Engineering client, and Feature Store client v0.5.0 and above), create the following secrets:

    • Authorization key (account primary or secondary key) with read-only access to the target online store: databricks secrets put-secret <read-scope> <prefix>-authorization-key
    • Authorization key (account primary or secondary key) with read-write access to the target online store: databricks secrets put-secret <write-scope> <prefix>-authorization-key

    For SQL stores, create the following secrets:

    • User with read-only access to the target online store: databricks secrets put-secret <read-scope> <prefix>-user
    • Password for user with read-only access to the target online store: databricks secrets put-secret <read-scope> <prefix>-password
    • User with read-write access to the target online store: databricks secrets put-secret <write-scope> <prefix>-user
    • Password for user with read-write access to the target online store: databricks secrets put-secret <write-scope> <prefix>-password

Note

There is a limit on the number of secret scopes per workspace. To avoid hitting this limit, you can define and share a single secret scope for accessing all online stores.