机密编修Secret redaction

将凭据存储为 Azure Databricks 密钥,可以在运行笔记本和作业时轻松保护凭据。Storing credentials as Azure Databricks secrets makes it easy to protect your credentials when you run notebooks and jobs. 但是,很容易意外将机密打印到标准输出缓冲区,或在变量赋值期间显示该值。However, it is easy to accidentally print a secret to standard output buffers or display the value during variable assignment.

为防止出现此情况,Azure Databricks 会编辑使用 dbutils.secrets.get() 读取的机密值。To prevent this, Azure Databricks redacts secret values that are read using dbutils.secrets.get(). 在笔记本单元格输出中显示时,机密值将替换为 [REDACTED]When displayed in notebook cell output, the secret values are replaced with [REDACTED].

警告

笔记本单元格输出的机密编修仅适用于文本。Secret redaction for notebook cell output applies only to literals. 因此,机密编修功能不会阻止机密文本的故意转换和任意转换。The secret redaction functionality therefore does not prevent deliberate and arbitrary transformations of a secret literal. 若要确保机密的正确控制,你应该使用工作区对象访问控制(限制运行命令的权限),以防止未经授权访问共享笔记本上下文。To ensure the proper control of secrets, you should use Workspace object access control (limiting permission to run commands) to prevent unauthorized access to shared notebook contexts.