Databricks Certified Data Engineer Professional — Question 28

Although the Databricks Utilities Secrets module provides tools to store sensitive credentials and avoid accidentally displaying them in plain text users should still be careful with which credentials are stored here and which users have access to using these secrets.
Which statement describes a limitation of Databricks Secrets?

Answer options

• A. Because the SHA256 hash is used to obfuscate stored secrets, reversing this hash will display the value in plain text.
• B. Account administrators can see all secrets in plain text by logging on to the Databricks Accounts console.
• C. Secrets are stored in an administrators-only table within the Hive Metastore; database administrators have permission to query this table by default.
• D. Iterating through a stored secret and printing each character will display secret contents in plain text.
• E. The Databricks REST API can be used to list secrets in plain text if the personal access token has proper credentials.

Correct answer: D

Explanation

The correct answer is D because it highlights a risk associated with handling secrets, where revealing each character can compromise the secret. Option A is incorrect because SHA256 is a one-way hash and cannot be reversed to obtain the original value. Options B and C are inaccurate as account administrators cannot see all secrets in plain text, and secrets are not stored in a table accessible by database administrators by default. Option E is also wrong since the REST API does not allow listing secrets in plain text without appropriate permissions.