Temporary credentials

Authenticate to your private object storage using temporary credentials while creating or updating your Deployment. Temporary credentials provide better security since they expire (more) quickly.

S3

1. Use AWS STS to assume a role with access to your bucket
2. Get a session token
3. In the Deployment configuration, click Private object storage, then click Temporary credentials, then Use temporary credentials
4. Select S3, copy paste your:

• Access key ID (e.g. ASIAIOSFODNN7EXAMPLE)
• Secret access key (e.g. ASIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYIOSFODNN7EXAMPLE)
• Session token (e.g. AQoDYXdzEJr...<remainder of session token>)
  

5. Click Save

Azure Blob Storage

1. Go to your Azure storage account
2. Select Security + networking -> Shared access signature
3. Generate a SAS token with minimally:

• Allowed services: Blob
• Allowed resource types: Container, Object
• Allowed permissions: Read, List

4. In the Deployment configuration, click Private object storage, then click Temporary credentials, then Use temporary credentials
5. Select Azure Blob Storage, copy paste your:

• SAS token (e.g. bsv=2023-11-31&sr=b&sig=39Up9jzHkxhUIhFEjEh954DJxe6cIRCgOv6IGCSØ%3A377&sp=rcw)
• Object storage name (e.g. deeploy)
  

6. Click Save

Databricks

1. In Databricks, go to Settings, click Identity and access, then click Manage Service Principles
2. Add a new Service Principle with Workspace access
3. Give the Service Principle the required permissions
4. Click on the created Service Principle, click Secrets, then Generate secret
5. Use the generated secret and client ID to do an authenticated request to the token endpoint to receive a temporary workspace-level access token
6. Select Databricks Unity Catalog, copy paste your:

• Access token (e.g. eyJraWQiOiIy...<remainder of access token>)

7. Click Save