Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.
The account storage-credentials command group within the Databricks CLI contains commands to manage storage credentials for a particular metastore. These commands allow you to create, get, list, update, and delete storage credentials that provide access to cloud storage for Unity Catalog.
databricks account storage-credentials create
Create a new storage credential. The request object is specific to the cloud: AwsIamRole for AWS credentials, AzureServicePrincipal for Azure credentials, or GcpServiceAccountKey for GCP credentials. The caller must be a metastore admin and have the CREATE_STORAGE_CREDENTIAL privilege on the metastore.
databricks account storage-credentials create METASTORE_ID [flags]
Arguments
METASTORE_ID
Unity Catalog metastore ID.
Options
--skip-validation
Skip validation of the storage credential (optional, default false).
--json JSON
The inline JSON string or the @path to the JSON file with the request body
Examples
The following example creates an AWS storage credential using JSON:
databricks account storage-credentials create metastore-abc123 --json '{"name": "my-storage-credential", "aws_iam_role": {"role_arn": "arn:aws:iam::123456789012:role/my-role"}}'
The following example creates a storage credential using a JSON file:
databricks account storage-credentials create metastore-abc123 --json @storage-credential.json
The following example creates a storage credential with validation skipped:
databricks account storage-credentials create metastore-abc123 --skip-validation --json @storage-credential.json
databricks account storage-credentials delete
Delete a storage credential from the metastore. The caller must be an owner of the storage credential.
databricks account storage-credentials delete METASTORE_ID STORAGE_CREDENTIAL_NAME [flags]
Arguments
METASTORE_ID
Unity Catalog metastore ID.
STORAGE_CREDENTIAL_NAME
Name of the storage credential.
Options
--force
Force deletion even if the storage credential is not empty.
Examples
The following example deletes a storage credential:
databricks account storage-credentials delete metastore-abc123 my-storage-credential
The following example force deletes a storage credential:
databricks account storage-credentials delete metastore-abc123 my-storage-credential --force
databricks account storage-credentials get
Get a storage credential from the metastore. The caller must be a metastore admin, the owner of the storage credential, or have a level of privilege on the storage credential.
databricks account storage-credentials get METASTORE_ID STORAGE_CREDENTIAL_NAME [flags]
Arguments
METASTORE_ID
Unity Catalog metastore ID.
STORAGE_CREDENTIAL_NAME
Name of the storage credential.
Options
Examples
The following example gets a storage credential:
databricks account storage-credentials get metastore-abc123 my-storage-credential
databricks account storage-credentials list
Get a list of all storage credentials that have been assigned to a given metastore.
databricks account storage-credentials list METASTORE_ID [flags]
Arguments
METASTORE_ID
Unity Catalog metastore ID.
Options
Examples
The following example lists all storage credentials for a metastore:
databricks account storage-credentials list metastore-abc123
databricks account storage-credentials update
Update a storage credential on the metastore. The caller must be the owner of the storage credential. If the caller is a metastore admin, only the owner credential can be changed.
databricks account storage-credentials update METASTORE_ID STORAGE_CREDENTIAL_NAME [flags]
Arguments
METASTORE_ID
Unity Catalog metastore ID.
STORAGE_CREDENTIAL_NAME
Name of the storage credential.
Options
--skip-validation
Skip validation of the storage credential (optional).
--json JSON
The inline JSON string or the @path to the JSON file with the request body
Examples
The following example updates a storage credential using JSON:
databricks account storage-credentials update metastore-abc123 my-storage-credential --json '{"aws_iam_role": {"role_arn": "arn:aws:iam::123456789012:role/updated-role"}}'
The following example updates a storage credential using a JSON file:
databricks account storage-credentials update metastore-abc123 my-storage-credential --json @update-storage-credential.json
The following example updates a storage credential with validation skipped:
databricks account storage-credentials update metastore-abc123 my-storage-credential --skip-validation --json @update-storage-credential.json
Global flags
--debug
Whether to enable debug logging.
-h or --help
Display help for the Databricks CLI or the related command group or the related command.
--log-file string
A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.
--log-format format
The log format type, text or json. The default value is text.
--log-level string
A string representing the log format level. If not specified then the log format level is disabled.
-o, --output type
The command output type, text or json. The default value is text.
-p, --profile string
The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.
--progress-format format
The format to display progress logs: default, append, inplace, or json
-t, --target string
If applicable, the bundle target to use