Client Secrets Storage Options for Data Engineering on Azure
Question
Maria is a Data Engineer who is also working on mounting ADLS gen2 storage for Databricks.
Apart from Azure Key vault - backed secret scope, what other kind of store can she use to store client secrets?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer: B
As a Data Engineer working on mounting ADLS gen2 storage for Databricks, Maria may need to store and access client secrets securely. While Azure Key Vault-backed secret scope is a popular option, there are other kinds of stores she can use as well. Let's take a closer look at each answer option:
A. Azure AD token: Azure AD tokens are used for authentication and authorization to Azure resources. They are not a store for client secrets, but rather a mechanism for generating access tokens that allow users or applications to access Azure resources with a certain level of permissions. Therefore, Azure AD tokens are not an appropriate option for storing client secrets.
B. Databricks-backed secret scope: Databricks-backed secret scope is a feature of Databricks that allows users to store and manage secrets securely. This option is a viable alternative to Azure Key Vault-backed secret scope for storing client secrets, as it provides similar functionality and security. Maria can use Databricks-backed secret scope if it is available in her environment.
C. Tenant ID: Tenant ID is a unique identifier for an Azure Active Directory (Azure AD) tenant. It is not a store for client secrets, but rather a reference to the directory where the Azure resources are located. Therefore, Tenant ID is not an appropriate option for storing client secrets.
D. Client ID: Client ID is a unique identifier for an Azure AD application. It is not a store for client secrets, but rather a reference to the application that is registered in Azure AD. Therefore, Client ID is not an appropriate option for storing client secrets.
E. None of the above: As explained above, options A, C, and D are not appropriate for storing client secrets. However, option B (Databricks-backed secret scope) is a viable alternative to Azure Key Vault-backed secret scope. Therefore, the correct answer is not E, but rather B (Databricks-backed secret scope).
In summary, Maria can use Databricks-backed secret scope, in addition to Azure Key Vault-backed secret scope, to store client secrets securely in her environment.
