Skip to content

Databricks PAT

(Personal Access Token)

Service Name: Databricks

Service Description: Databricks is a unified data analytics platform designed to help organizations accelerate innovation by unifying data science, engineering, and business. It provides a collaborative environment for data engineering, machine learning, and analytics workflows.

Service Address: https://databricks.com/

Validation Type: API Auth

IP Allow list: IP access controls can be configured at the workspace level through Network Security features in Databricks.

Secret Access Scope: Grants programmatic access to Databricks workspaces and APIs, allowing users to interact with notebooks, jobs, clusters, and other Databricks resources.

Secret Revokement URL: https://docs.databricks.com/dev-tools/auth.html#token-management

Secret Example: dapi0123456789abcdefghijklmnopqrstuv

Suspicious Activity Investigation Instructions:

  • Review the Databricks audit logs for unusual API calls or resource access.
  • Check for unauthorized cluster creation or modification.
  • Monitor for unexpected notebook executions or job runs.
  • Look for data extraction operations or unusual query patterns.
  • Verify if the token was used from unfamiliar IP addresses or locations.

Mitigation Instructions:

  • Log in to your Databricks workspace.
  • Navigate to User Settings (click on your username in the top-right corner).
  • Select the "Access Tokens" tab.
  • Find the compromised token and click "Revoke".
  • Generate a new token if needed with appropriate permissions.
  • Consider implementing IP access restrictions for your Databricks workspace.
  • Review and update your organization's secret management policies.
  • Ensure tokens are rotated regularly according to your security policies.