improvement: clarify databricks native integration behavior and suggest desingated scope for sync/native integration

2025-03-14 10:27:49 +00:00 · 2025-03-11 14:12:33 -07:00
parent c19016e6e6
commit 7e14c58931
5 changed files with 18 additions and 4 deletions
--- a/docs/integrations/cloud/databricks.mdx
+++ b/docs/integrations/cloud/databricks.mdx
@ -7,6 +7,12 @@ Prerequisites:

 - Set up and add secrets to [Infisical Cloud](https://app.infisical.com)

+<Note>
+    When integrating with Databricks, Infisical is intended to be the source of truth for the secrets in the configured Databricks scope.
+
+    Any secrets not present in Infisical will be removed from the specified scope. To prevent removal of secrets not managed by Infisical, Infisical recommends creating a designated secret scope for your integration.
+</Note>
+
 <Steps>
  <Step title="Authorize Infisical for Databricks">
    Obtain a Personal Access Token in **User Settings** > **Developer** > **Access Tokens**.
--- a/docs/integrations/secret-syncs/databricks.mdx
+++ b/docs/integrations/secret-syncs/databricks.mdx
@ -34,6 +34,8 @@ description: "Learn how to configure a Databricks Sync for Infisical."

            <Note>
                You must create a secret scope in your Databricks workspace prior to configuration. Ensure your service principal has [Write permissions](https://docs.databricks.com/en/security/auth/access-control/index.html#secret-acls) for the specified secret scope.
+
+                Infisical recommends creating a designated Databricks secret scope for your sync to prevent removal of secrets not managed by Infisical.
            </Note>

        5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
--- a/docs/mint.json
+++ b/docs/mint.json
@ -644,8 +644,7 @@
            "api-reference/endpoints/oidc-auth/attach",
            "api-reference/endpoints/oidc-auth/retrieve",
            "api-reference/endpoints/oidc-auth/update",
-            "api-reference/endpoints/oidc-auth/revoke",
-            "integrations/frameworks/terraform-cloud"
+            "api-reference/endpoints/oidc-auth/revoke"
          ]
        },
        {
--- a/frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/DatabricksSyncFields.tsx
+++ b/frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/DatabricksSyncFields.tsx
@ -40,6 +40,8 @@ export const DatabricksSyncFields = () => {
            isError={Boolean(error)}
            errorText={error?.message}
            label="Secret Scope"
+            tooltipClassName="max-w-md"
+            tooltipText="Infisical recommends creating a designated Databricks secret scope for your sync to prevent removal of secrets not managed by Infisical."
            helperText={
              <Tooltip
                className="max-w-md"
--- a/frontend/src/pages/secret-manager/integrations/DatabricksConfigurePage/DatabricksConfigurePage.tsx
+++ b/frontend/src/pages/secret-manager/integrations/DatabricksConfigurePage/DatabricksConfigurePage.tsx
@ -206,8 +206,13 @@ export const DatabricksConfigurePage = () => {
          <span className="text-md ml-3 text-mineshaft-100">Pro Tip</span>
        </div>
        <span className="mt-4 text-sm text-mineshaft-300">
-          After creating an integration, your secrets will start syncing immediately. This might
-          cause an unexpected override of current secrets in Databricks with secrets from Infisical.
+          When integrating with Databricks, Infisical is intended to be the source of truth for the
+          secrets in the configured Databricks scope.
+        </span>
+        <span className="mt-4 text-sm text-mineshaft-300">
+          Any secrets not present in Infisical will be removed from the specified scope. To prevent
+          removal of secrets not managed by Infisical, Infisical recommends creating a designated
+          secret scope for your integration.
        </span>
      </div>
    </div>