Explanation:
The correct answer is D. This method bypasses Databricks' automatic redaction of secret values by iterating through each character of the secret and printing them individually, effectively reconstructing the full secret value in plain text. This is a known behavior in Databricks that security-conscious users should be aware of.
Incorrect options:
dbutils.secrets.get() method does not accept a redacted parameter, leading to a syntax error.print() function does not have a redacted parameter, which would either be ignored or cause an error.display() function will show 'REDACTED' for secret values, as Databricks specifically prevents secrets from being displayed this way.Security Note: While this demonstrates a technical possibility, it's important to note that printing secret values in notebooks violates security best practices. Secrets should only be used when absolutely necessary and never exposed in logs or notebook outputs.
Ultimate access to all questions.
A data engineer has recently learned that users with access to Databricks Secrets might be able to display secret values in notebooks. Which of the following methods could potentially reveal the value of a Databricks secret in plain text?
A
db_password = dbutils.secrets.get('prod-scope', 'db-password', redacted=False) print(db_password)
B
db_password = dbutils.secrets.get('prod-scope', 'db-password') print(db_password, redacted=False)
C
db_password = dbutils.secrets.get('prod-scope', 'db-password') display(db_password)
D
db_password = dbutils.secrets.get('prod-scope', 'db-password') for char in db_password: print(char)
E
There is no workaround to print secrets values in plain text in notebooks. A string 'REDACTED' will always be displayed when trying to print out a secret value.
No comments yet.