Using a workload secret in Spark application code

To use the workload secret credentials, you can read the credentials that are mounted into the Spark drivers and executors as read-only files.

The workload secrets are mounted into the Spark drivers and executors in this path:
/etc/dex/secrets/<workload-credential-name>/<credential-key-1> /etc/dex/secrets/<workload-credential-name>/<credential-key-2>

Example workload credentials to use in the application code:

The workload credential is created with the command below.
./cde credential create --name workload-cred-1 --type workload-credential --workload-cred-key db-pass --workload-cred-key aws-secret
The secrets can be read as local files from the paths below within the Spark drivers and executors:
Example of a PySpark application code to read a secret:
from pyspark.sql import SparkSession
spark = SparkSession \
    .builder \
    .appName("Sample DB Connection") \
# read the password from the local file
# use the password in a jdbc connection
jdbcDF= \
         .jdbc("jdbc:postgresql:dbserver", "schema.tablename",
         properties={"user": "username", "password": dbPass})