-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsetup_secrets.sh
More file actions
executable file
·104 lines (90 loc) · 2.82 KB
/
setup_secrets.sh
File metadata and controls
executable file
·104 lines (90 loc) · 2.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/usr/bin/env bash
# Reads .env and pushes Neo4j Aura credentials into the Databricks secret
# scope "neo4j-graph-engineering". Requires the Databricks CLI to be
# installed and authenticated (databricks auth login or DATABRICKS_HOST/
# DATABRICKS_TOKEN env vars).
#
# Usage:
# ./setup_secrets.sh [--profile NAME] [ENV_FILE]
#
# The Databricks profile is resolved once and exported as
# DATABRICKS_CONFIG_PROFILE so every subsequent CLI call in this script
# reuses it without re-prompting. Resolution order:
# 1. --profile / -p flag
# 2. DATABRICKS_CONFIG_PROFILE environment variable
# 3. Interactive prompt (lists available profiles)
set -euo pipefail
SCOPE="neo4j-graph-engineering"
ENV_FILE=".env"
PROFILE="${DATABRICKS_CONFIG_PROFILE:-}"
while [[ $# -gt 0 ]]; do
case "$1" in
-p|--profile)
PROFILE="$2"
shift 2
;;
-h|--help)
echo "Usage: $0 [--profile NAME] [ENV_FILE]"
exit 0
;;
*)
ENV_FILE="$1"
shift
;;
esac
done
if [ ! -f "$ENV_FILE" ]; then
echo "Error: $ENV_FILE not found."
echo "Copy .env.sample to .env and fill in your Neo4j Aura credentials."
exit 1
fi
if ! command -v databricks >/dev/null 2>&1; then
echo "Error: databricks CLI not found. Install from https://docs.databricks.com/dev-tools/cli/"
exit 1
fi
# Resolve the Databricks profile once — every CLI call below inherits it via
# the exported DATABRICKS_CONFIG_PROFILE, so the user is never re-prompted.
if [ -z "$PROFILE" ]; then
echo "Available Databricks profiles:"
databricks auth profiles 2>/dev/null || echo " (could not list profiles — check your ~/.databrickscfg)"
echo
read -r -p "Profile name [DEFAULT]: " PROFILE
PROFILE="${PROFILE:-DEFAULT}"
fi
export DATABRICKS_CONFIG_PROFILE="$PROFILE"
echo "Using Databricks profile: $DATABRICKS_CONFIG_PROFILE"
echo
# Load .env
set -a
# shellcheck disable=SC1090
source "$ENV_FILE"
set +a
: "${NEO4J_URI:?NEO4J_URI is not set in $ENV_FILE}"
: "${NEO4J_USERNAME:?NEO4J_USERNAME is not set in $ENV_FILE}"
: "${NEO4J_PASSWORD:?NEO4J_PASSWORD is not set in $ENV_FILE}"
# Create the scope — if it already exists, that is fine.
set +e
create_out=$(databricks secrets create-scope "$SCOPE" 2>&1)
create_rc=$?
set -e
if [ "$create_rc" -eq 0 ]; then
echo "Created secret scope: $SCOPE"
elif [[ "$create_out" == *"already exists"* ]]; then
echo "Secret scope already exists: $SCOPE"
else
echo "Error creating scope: $create_out" >&2
exit 1
fi
put_secret() {
local key="$1"
local value="$2"
printf ' - %s\n' "$key"
databricks secrets put-secret "$SCOPE" "$key" --string-value "$value"
}
echo "Writing secrets into $SCOPE:"
put_secret "uri" "$NEO4J_URI"
put_secret "username" "$NEO4J_USERNAME"
put_secret "password" "$NEO4J_PASSWORD"
echo
echo "Done. Notebooks can now read via:"
echo " dbutils.secrets.get(\"$SCOPE\", \"uri\")"