Using the workload secret in the Spark application code
To use the workload secret credentials, you can read the credentials that are mounted into the Spark drivers and executors as read-only files.
The workload secrets are mounted into the Spark drivers and executors in this
path: /etc/dex/secrets/<workload-credential-name>/<credential-key-1>
/etc/dex/secrets/<workload-credential-name>/<credential-key-2>
Example workload credentials:
The workload-credential was created with the payload below.
{
"workloadCred": {
"aws-secret": "secret123",
"db-pass": "dbpass123"
},
"name": "workload-cred-1",
"type": "workload-credential",
"description": "workload credential description"
}
The secrets can be read as local files from the paths below within the Spark drivers
and executors:
/etc/dex/secrets/workload-cred-1/aws-secret
/etc/dex/secrets/workload-cred-1/db-pass
Example of a Pyspark application code to read a
secret:
from pyspark.sql import SparkSession
spark = SparkSession \
.builder \
.appName("Sample DB Connection") \
.getOrCreate()
# read the password from the local file
dbPass=open("/etc/dex/secrets/workload-cred-1/db-pass").read()
# use the password in a jdbc connection
jdbcDF= spark.read \