Connect your Git provider to Databricks

This page explains how to configure a user's Git credentials in Azure Databricks so you can connect remote repositories using Git folders. Choose your Git provider below and follow the authentication steps.

• GitHub
• GitLab
• Azure DevOps Services
• Bitbucket
• Other Git providers

GitHub

This section covers GitHub and GitHub Advanced Enterprise.

Databricks GitHub app (recommended)

For hosted GitHub accounts, Databricks recommends using the Databricks GitHub app for authentication instead of personal access tokens (PATs). The GitHub app uses OAuth 2.0 with encrypted repository traffic, renews tokens automatically, and lets you scope access to specific repositories.

To link your GitHub account with the Databricks GitHub app:

1. Click your user icon and select Settings.

2. Click the Linked accounts tab.

3. Click Add Git credential.

4. Set your provider to GitHub, select Link Git account, and click Link.

   

5. On the Databricks GitHub app authorization page, click Authorize Databricks to authorize the app. This allows Azure Databricks to perform Git operations on your behalf, such as cloning repositories. See Authorizing GitHub Apps in the GitHub documentation.

6. Install the Databricks GitHub app on repositories that you want to access from Git folders:

   1. Open the Databricks GitHub app installation page. You must be the account owner to install the app.
   2. Select the account that owns the repositories you want to access.
   3. Optionally, choose Only select repositories to limit access to specific repositories.
   4. Click Install.

   For more information, see About installing GitHub Apps.

Azure Databricks stores your access and refresh tokens following standard OAuth 2.0 integration. GitHub manages all other access control. Access tokens expire after 8 hours. Refresh tokens expire after 6 months of inactivity, requiring you to reconfigure your credentials. You can optionally encrypt tokens using customer-managed keys.

GitLab

To create a personal access token in GitLab:

1. Click your user icon and select Preferences.
2. Click Personal access tokens in the sidebar.
3. Click Add new token.
4. Enter a name for the token.
5. Select the scopes for your desired permission levels. See Personal access token scopes in the GitLab documentation.
6. Click Create token.
7. Copy the token and enter it in Azure Databricks under Settings > Linked accounts.

For fine-grained access to a specific project, use project access tokens.

Azure DevOps Services

Microsoft Entra ID

If you authenticate using Microsoft Entra ID, Azure DevOps Services authentication happens automatically. Your Azure DevOps Services organization must be linked to the same Microsoft Entra ID tenant as Azure Databricks. The Microsoft Entra ID service endpoint must be accessible from both the private and public subnets of the Azure Databricks workspace. For more information, see Deploy Azure Databricks in your Azure virtual network (VNet injection).

To set your Git provider in Azure Databricks:

1. Click your username in the upper-right corner of any page, then select Settings.

2. Click the Linked accounts tab.

3. Set your provider to Azure DevOps Services.

   

Personal access token

Use a personal access token when your Azure Databricks and Azure DevOps repositories aren't in the same Microsoft Entra ID tenancy.

The Microsoft Entra ID service endpoint must be accessible from both the private and public subnets of the Azure Databricks workspace. For more information, see Deploy Azure Databricks in your Azure virtual network (VNet injection).

To create a personal access token in Azure DevOps:

1. Go to dev.azure.com and sign in to the DevOps organization containing your repository.
2. Click the user settings icon and select Personal Access Tokens.
3. Click + New Token.
4. Configure the token:
   • Enter a name for the token.
   • Select the organization (repository name).
   • Set an expiration date.
   • Choose the required scope, such as Full access.
5. Copy the access token.
6. In Azure Databricks, go to Settings > Linked accounts and enter the token.
7. In Git provider username or email, enter the email address you use to sign in to the DevOps organization.

Bitbucket

Azure Databricks supports Bitbucket authentication using API tokens, access tokens, and app passwords. Databricks recommends using API tokens for users and access tokens for service principals.

API token (recommended)

To generate a scoped Bitbucket API token, follow the Bitbucket documentation.

The token must have read:repository:bitbucket and write:repository:bitbucket scopes.

Add the token in Azure Databricks under Settings > Linked accounts.

Access token

Bitbucket access tokens provide scoped authentication to repositories, projects, or workspaces. They're designed for CI/CD and are recommended for service principals. To create an access token, see the Bitbucket documentation on access tokens.

To configure access tokens for a service principal, see Authorize a service principal to access Git folders.

App password

When adding an app password in Azure Databricks, you must enter your Bitbucket username in the Git provider username field under Settings > Linked accounts.

Other Git providers

If your Git provider isn't listed, try selecting GitHub and entering the PAT from your provider. This approach often works but isn't guaranteed.