Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This reference lists environment variables and configuration fields for Databricks unified authentication. They work consistently across the Databricks CLI, Terraform provider, and SDKs for Python, Java, and Go.
Use this reference to set up authentication or troubleshoot authentication issues. Each entry includes:
- Environment variable: Set this in your shell environment.
.databrickscfgfield: Use this in configuration profiles.- Terraform field: Configure this in your Terraform provider block. See Authentication in the Databricks Terraform provider documentation.
Configfield: Use this when configuring SDKs programmatically with theConfigAPI.
General configuration fields
These variables configure basic connection and compute settings for Databricks.
| Common name | Description | Environment variable | .databrickscfg field, Terraform field |
Config field |
|---|---|---|---|---|
| Azure Databricks host | (String) The Azure Databricks host URL for either the Azure Databricks workspace endpoint or the Azure Databricks accounts endpoint. | DATABRICKS_HOST |
host |
host (Python)setHost (Java)Host (Go) |
| Azure Databricks token | (String) The Azure Databricks personal access token or Microsoft Entra ID token. | DATABRICKS_TOKEN |
token |
token (Python)setToken (Java)Token (Go) |
| Azure Databricks account ID | (String) The Azure Databricks account ID for the Azure Databricks account endpoint. Only has effect when the Azure Databricks host is also set to https://accounts.azuredatabricks.net. |
DATABRICKS_ACCOUNT_ID |
account_id |
account_id (Python)setAccountID (Java)AccountID (Go) |
| Cluster ID | (String) The ID of the cluster to use | DATABRICKS_CLUSTER_ID |
cluster_id |
cluster_id |
| Serverless compute | (String) The serverless compute auto enablement setting. Valid values are auto. |
DATABRICKS_SERVERLESS_COMPUTE_ID |
serverless_compute_id |
serverless_compute_id |
| Common name | Description | Environment variable | .databrickscfg field, Terraform field |
Config field |
|---|---|---|---|---|
| Azure client ID | (String) The Microsoft Entra ID service principal's application ID. Use with Azure managed identities authentication and Microsoft Entra ID service principal authentication. | ARM_CLIENT_ID |
azure_client_id |
azure_client_id (Python)setAzureClientID (Java)AzureClientID (Go) |
| Azure client secret | (String) The Microsoft Entra ID service principal's client secret. Use with a Microsoft Entra ID service principal authentication. | ARM_CLIENT_SECRET |
azure_client_secret |
azure_client_secret (Python)setAzureClientSecret (Java)AzureClientSecret (Go) |
| Client ID | (String) The client ID of the Azure Databricks managed service principal or Microsoft Entra ID managed service principal. Use with OAuth M2M authentication. | DATABRICKS_CLIENT_ID |
client_id |
client_id (Python)setClientId (Java)ClientId (Go) |
| Client secret | (String) The client secret of the Azure Databricks managed service principal or Microsoft Entra ID managed service principal. Use with OAuth M2M authentication. | DATABRICKS_CLIENT_SECRET |
client_secret |
client_secret (Python)setClientSecret (Java)ClientSecret (Go) |
| Azure environment | (String) The Azure environment type. Defaults to PUBLIC. |
ARM_ENVIRONMENT |
azure_environment |
azure_environment (Python)setAzureEnvironment (Java)AzureEnvironment (Go) |
| Azure tenant ID | (String) The Microsoft Entra ID service principal's tenant ID. | ARM_TENANT_ID |
azure_tenant_id |
azure_tenant_id (Python)setAzureTenantID (Java)AzureTenantID (Go) |
| Azure use MSI | (Boolean) True to use Azure Managed Service Identity passwordless authentication flow for service principals. Requires the Azure resource ID to also be set. | ARM_USE_MSI |
azure_use_msi |
AzureUseMSI (Go) |
| Azure resource ID | (String) The Azure Resource Manager ID for the Azure Databricks workspace. | DATABRICKS_AZURE_RESOURCE_ID |
azure_workspace_resource_id |
azure_workspace_resource_id (Python)setAzureResourceID (Java)AzureResourceID (Go) |
.databrickscfg-specific fields
Use these environment variables or fields to specify non-default settings for .databrickscfg. See also Azure Databricks configuration profiles.
| Common name | Description | Environment variable | Terraform field | Config field |
|---|---|---|---|---|
.databrickscfg file path |
(String) A non-default path to the .databrickscfg file. |
DATABRICKS_CONFIG_FILE |
config_file |
config_file (Python)setConfigFile (Java)ConfigFile (Go) |
.databrickscfg default profile |
(String) The default named profile to use, other than DEFAULT. |
DATABRICKS_CONFIG_PROFILE |
profile |
profile (Python)setProfile (Java)Profile (Go) |
Authentication fields
Use these environment variables or fields to enforce a specific type of Databricks authentication.
| Common name | Description | Environment variable | Terraform field | Config field |
|---|---|---|---|---|
| Databricks authentication type | (String) When multiple authentication attributes are available in the environment, use the authentication type specified by this argument. See Supported authentication types. | DATABRICKS_AUTH_TYPE |
auth_type |
auth_type (Python)setAuthType (Java)AuthType (Go) |
| OIDC token environment variable | (String) The name of the environment variable that contains your IdP-issued OIDC token. Used with env-oidc authentication type. Defaults to DATABRICKS_OIDC_TOKEN. |
DATABRICKS_OIDC_TOKEN_ENV |
oidc_token_env |
oidc_token_env (Python)setOIDCTokenEnv (Java)OIDCTokenEnv (Go) |
| OIDC token file path | (String) The path to a local file that contains your IdP-issued OIDC token. Used with file-oidc authentication type. |
DATABRICKS_OIDC_TOKEN_FILEPATH |
oidc_token_filepath |
oidc_token_filepath (Python)setOIDCTokenFilepath (Java)OIDCTokenFilepath (Go) |
Supported authentication types
Supported Databricks authentication type field values include:
oauth-m2m: For machine-to-machine (M2M) authentication with a Databricks service principal through OAuth 2.0. See Authorize service principal access to Azure Databricks with OAuth.pat: For authentication using a Databricks personal access token. See Authenticate with Azure Databricks personal access tokens (legacy).databricks-cli: For interactive sign-in with the Databricks CLI using OAuth 2.0. See Authorize user access to Azure Databricks with OAuth.oidc-token: For token federation with an identity provider (IdP), where Databricks exchanges an IdP-issued OIDC token for a Databricks OAuth token. See Authenticate with an identity provider token.env-oidc: For federation when your IdP token is stored in an environment variable (DATABRICKS_OIDC_TOKEN). See Authenticate with an identity provider token.file-oidc: For federation when your IdP token is stored in a local file (DATABRICKS_OIDC_TOKEN_FILEPATH). See Authenticate with an identity provider token.github-oidc: For GitHub Actions federated authentication via OIDC tokens. See Enable workload identity federation for GitHub Actions.azure-devops-oidc: For Azure DevOps federated authentication via OIDC tokens. See Enable workload identity federation for Azure DevOps Pipelines.
azure-msi: For authentication using an Azure Managed Service Identity (MSI). See Authenticate with Azure managed identities.azure-client-secret: For authentication using an Azure service principal with client secrets. See Authenticate with MS Entra service principals.