TL;DR: Databricks environments rely on personal access tokens, service principals, secrets, and consumer installations, which creates exposed control points when ownership, rotation, and visibility are weak, according to Oasis Security. The governance problem is not Databricks-specific; it is the familiar NHI failure pattern where long-lived credentials outlast accountability and expand blast radius.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps: 38% have no or low visibility, and a further 47% have only partial visibility.
Questions worth separating out
Q: How should security teams govern Databricks service principals and tokens?
A: Treat them as governed non-human identities with named ownership, expiry, rotation, and offboarding requirements.
Q: Why do Databricks integrations create NHI governance risk?
A: Because integrations often receive access once and then persist long after the original approval has faded from memory.
Q: What breaks when secret rotation is not tied to ownership review?
A: Rotation alone can refresh a credential while leaving the wrong owner, the wrong permissions, or the wrong business purpose in place.
Practitioner guidance
- Separate Databricks identity classes in inventory: track personal access tokens, service principals, secrets, and consumer installations as distinct NHI classes with their own owners, expiry rules, and review cadence.
- Require explicit ownership for every non-human identity: make human ownership attestation part of the Databricks approval flow so each token or service principal has a named accountable owner.
- Bind rotation to deactivation and revalidation: rotate secrets on a schedule, then verify that the credential is still needed and still mapped to the right workload.
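As an added illustration of the three guidance points above (this is example code, not from the original post or from Oasis Security), the following Python script audits a constructed Databricks NHI inventory for the gaps the guidance names: unknown identity class, missing owner, missing expiry, overdue rotation, and credentials that are inactive or mapped to no workload. The record fields, class names and policy thresholds are assumptions; real rows would come from the workspace's own token and service-principal listings.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Policy thresholds are assumptions for this example, not values from the page.
MAX_AGE_DAYS = {"pat": 90, "service_principal": 180, "secret": 90, "consumer_install": 365}
INACTIVE_DAYS = 60

@dataclass
class NhiRecord:
    """One inventory row; field names are assumed, not a Databricks API schema."""
    id: str
    nhi_class: str                  # one of the keys of MAX_AGE_DAYS
    owner: Optional[str]            # named, attested human owner
    created: datetime
    last_used: Optional[datetime]
    expires: Optional[datetime]
    workload: Optional[str]         # job/pipeline the credential is mapped to

def audit(records: List[NhiRecord], now: datetime) -> Dict[str, List[str]]:
    # Returns {identity id: [gap codes]} for every record that fails a lifecycle check.
    findings: Dict[str, List[str]] = {}
    for r in records:
        gaps = []
        if r.nhi_class not in MAX_AGE_DAYS:
            gaps.append("unknown-class")            # not tracked as a distinct NHI class
        elif (now - r.created).days > MAX_AGE_DAYS[r.nhi_class]:
            gaps.append("rotation-overdue")         # past the class's rotation window
        if not r.owner:
            gaps.append("no-owner")                 # nobody accountable for it
        if r.expires is None or r.expires < now:
            gaps.append("no-expiry-or-expired")     # long-lived, or expired but still present
        # Rotation is bound to revalidation: unused or unmapped credentials get deactivated, not refreshed.
        if r.last_used is None or (now - r.last_used).days > INACTIVE_DAYS:
            gaps.append("inactive-revalidate")
        if not r.workload:
            gaps.append("no-workload-mapping")
        if gaps:
            findings[r.id] = gaps
    return findings

def demo_findings() -> Dict[str, List[str]]:
    # Constructed sample rows (not real identities); negative n means a date in the future.
    now = datetime.now(timezone.utc)
    def ago(n): return now - timedelta(days=n)
    rows = [
        NhiRecord("pat-1", "pat", "alice@example.com", ago(10), ago(1), ago(-80), "nightly-etl"),
        NhiRecord("pat-2", "pat", None, ago(200), ago(150), None, None),
        NhiRecord("sp-1", "service_principal", "data-eng-lead", ago(30), ago(2), ago(-150), "feature-store"),
        NhiRecord("app-1", "consumer_install", "bob@example.com", ago(400), None, ago(-30), "bi-dashboard"),
    ]
    return audit(rows, now)
```

Running `demo_findings()` flags `pat-2` on every check and `app-1` for overdue rotation plus inactivity, while the owned, current, in-use identities produce no findings.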
What's in the full announcement
Oasis Security's full blog covers the operational detail this post intentionally leaves for the source:
- A real-time Databricks identity inventory model that maps consumers, resources, permissions, human owners, and secrets.
- Specific examples of Databricks actions and authentication methods that the integration can surface for review.
- Automation details for secret rotation, owner attestation, and inactive identity cleanup in Databricks workflows.
- Cross-platform expansion notes for Databricks deployments across AWS and GCP.
Read Oasis Security's analysis of Databricks NHI security and lifecycle controls:
Databricks NHI security: what IAM teams need to fix first?
Explore further
Databricks security is really NHI lifecycle governance in disguise. The article shows that the platform’s operational model depends on identities that are not human but still carry human-grade business authority. PATs, service principals, secrets, and consumer installations all need issuance, ownership, rotation, and offboarding discipline. When those controls are fragmented, Databricks becomes a governance problem, not just a platform problem. Practitioners should treat Databricks as a lifecycle-managed identity surface, not a storage or analytics exception.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: How do organisations know if Databricks NHI controls are actually working?
A: Look for fewer orphaned identities, clear ownership on every token and service principal, and a visible decline in unused or over-permissioned integrations. If the environment still contains credentials with no business owner, controls are not working. The strongest signal is that lifecycle actions happen before access becomes stale, not after.
Read our full editorial: Databricks NHI governance depends on visibility, rotation, and ownership