You are trying to access secrets when you get an error message:
com.databricks.common.client.DatabricksServiceException: INVALID_STATE: Databricks could not access keyvault: https://xxxxxxx.vault.azure.net/.
There is not a single root cause for this error message, so you will have to do some troubleshooting.
Confirm permissions are correctly set on the key vault
- Load the Azure Portal.
- Open Key vaults.
- Click the key vault.
- Click Access policies.
- Verify the Get and List permissions are applied.
Inspect the firewall configuration on the key vault
- Load the Azure Portal.
- Open Key vaults.
- Click the key vault.
- Click Networking.
- Click Firewalls and virtual networks.
- Select Private endpoint and selected networks.
- Verify that Allow trusted Microsoft services to bypass this firewall? is set to Yes.
- Attempt to access the secrets.
If you can view the secrets, the issue is resolved.
If you are still getting the INVALID_STATE: Databricks could not access keyvault error, continue troubleshooting.
List all secrets in the secret scope
- Open a notebook.
- List all secrets in scope.
%python
dbutils.secrets.list("<scopename>")
Try to access individual secrets
Try to access a few different, random secrets.
%python
dbutils.secrets.get("<KeyvaultSecretScope>", "<SecretName>")
If some secrets can be fetched, while others fail, the failed secrets are either disabled or inactive.
Enable individual secrets
- Load the Azure Portal.
- Open Key vaults.
- Click the key vault.
- Click Secrets.
- Click the secret and verify that the status is set to Enabled.
If the secret is disabled, enable it, or create a new version.
Verify that individual secrets are working
Try to access the previously failed secrets.
%python
dbutils.secrets.get("<KeyvaultSecretScope>", "<SecretName>")
You should now be able to fetch all of them.
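The "Try to access individual secrets" and "Verify that individual secrets are working" steps can be run over the whole scope at once instead of sampling a few secrets by hand. The following is an added example, not code from the original article: `probe_scope`, `failed` and `FakeSecrets` are hypothetical names, the sample secret names and values are constructed, and the stub assumes a disabled secret is still listed and fails on fetch, as the steps above describe.

```python
from types import SimpleNamespace


def probe_scope(secrets, scope):
    """Try to fetch every secret in `scope`.

    `secrets` is dbutils.secrets (or any object with the same list/get methods).
    Returns {secret_name: None on success, short error text on failure}.
    Secret values are fetched but never stored, returned, or printed.
    """
    results = {}
    for meta in secrets.list(scope):          # SecretMetadata objects expose .key
        try:
            secrets.get(scope, meta.key)      # value deliberately discarded
            results[meta.key] = None
        except Exception as exc:              # record the failure, keep probing
            results[meta.key] = f"{type(exc).__name__}: {str(exc)[:120]}"
    return results


def failed(results):
    """Names of secrets that could not be fetched, sorted for stable output."""
    return sorted(name for name, err in results.items() if err is not None)


class FakeSecrets:
    """Constructed stand-in for dbutils.secrets so this runs outside Databricks."""

    def __init__(self, store):
        self._store = store                   # name -> value, None = disabled

    def list(self, scope):
        return [SimpleNamespace(key=name) for name in self._store]

    def get(self, scope, key):
        if self._store[key] is None:
            raise RuntimeError("INVALID_STATE: Databricks could not access keyvault")
        return self._store[key]


if __name__ == "__main__":
    # Constructed sample data; in a notebook use:
    #   results = probe_scope(dbutils.secrets, "<KeyvaultSecretScope>")
    fake = FakeSecrets({"db-password": "s3cr3t", "old-api-key": None, "storage-key": "k"})
    results = probe_scope(fake, "demo-scope")
    for name in failed(results):
        print(f"FAILED {name}: {results[name]}")
```

The names returned by `failed` are the secrets to check for Enabled status in the portal; after enabling them, an empty list confirms the fix.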